TITLE OF THE INVENTION

Content Duplication Management System, Apparatus and Method, Playback Apparatus and Method, and Computer Program

This application is based on an application no. 2002-249215 filed in Japan, the content of which is hereby incorporated by reference.



BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a content duplication management system that manages duplication of content requiring copyright protection.



2. Related Art

In recent years, the digitalization and circulation of movies, music and so forth as digital content has become prevalent.

Digital content has the quality of being easily duplicated without deterioration in quality.

Technology for preventing the unrestricted duplication of content is disclosed in unexamined Japanese patent application no. 2000-357213.
In unexamined Japanese patent application no. 2000-357213, a recording apparatus, which is the content duplication source, manages a remaining number of duplications permitted of content. Mutual authentication is conducted between the recording apparatus and a recording medium to which the content is to be duplicated, and if mutual authentication is successful, the recording apparatus duplicates the content to the recording medium within a range of the remaining number, and subtracts "1" from the remaining number. Also, when a duplicated content is deleted from the recording medium, the recording apparatus adds "1" to the remaining number of the content.

As such, the technology disclosed in unexamined Japanese patent application no. 2000-357213 allows for copyright protection by preventing the unrestricted diffusion of content, using mutual authentication and management of a remaining number.

SUMMARY OF THE INVENTION 

However, because the above duplication management technology does not anticipate the use of a network that includes a home network, the following problems arise.

When the above duplication management technology is applied in a configuration in which devices that use content are connected via a network, the stiffening of restrictions applied to content duplication means that while content duplication restrictions on devices connected outside the home network become stiffer, thus allowing for copyright protection, content duplication restrictions are also stiffened for devices connected within the home network, over which private content usage is conducted, and convenience for home network users is thus compromised.

On the other hand, although relaxing duplication restrictions means that convenience is improved with respect to home use, the down side is that duplicated content will find its way to devices outside of the home.

In view of the above problems, the present invention aims to provide a content duplication management system that allows convenient content duplication for users, while protecting the rights of copyright holders, when a network that includes a home network is used.

(1) A content duplication management apparatus of the present invention manages duplication and deletion of content with respect to a playback apparatus connected to a network, based on requests acquired from the playback apparatus, and includes: a group judging unit operable to judge whether the playback apparatus belongs to a predetermined group; a holding unit operable to hold an in-group remaining number and an out-group remaining number, the in-group remaining number being a remaining number of duplications of the content permitted of apparatuses belonging to the group, and the out-group remaining number being a remaining number of duplications of the content permitted of apparatuses not belonging to the group; and a management unit operable, in response to a request acquired from the playback apparatus, to (i) reply in the affirmative and update the in-group remaining number or reply in the negative, based on the in-group remaining number, when the playback apparatus is judged to belong to the group, and (ii) reply in the affirmative and update the out-group remaining number or reply in the negative, based on the out-group remaining number, when the playback apparatus is judged to not belong to the group.

According to this structure, the number of duplications to in-group and out-group apparatuses is managed separately, thus allowing for copyright protection by stiffening restrictions on content duplication to out-group apparatuses, and for improvements in user convenience by relaxing restrictions on content duplication to in-group apparatuses.

(2) Also, the request may be a duplication request, and the management unit may, in response to the duplication request, (i) reply in the affirmative and subtract "1" from the in-group remaining number if the in-group remaining number is not "0", and reply in the negative if the in-group remaining number is "0", when the playback apparatus is judged to belong to the group, and (ii) reply in the affirmative and subtract "1" from the out-group remaining number if the out-group remaining number is not "0", and reply in the negative if the out-group remaining number is "0", when the playback apparatus is judged to not belong to the group.

According to this structure, the number of duplications to in-group and out-group apparatuses is managed separately, thus allowing for copyright protection by stiffening restrictions on content duplication to out-group apparatuses, and for improvements in user convenience by relaxing restrictions on content duplication to in-group apparatuses.

(3) Also, the request may be a deletion request, and the management unit may, in response to the deletion request, (i) reply in the affirmative and add "1" to the in-group remaining number when the playback apparatus is judged to belong to the group, and (ii) reply in the affirmative and add "1" to the out-group remaining number when the playback apparatus is judged to not belong to the group.

According to this structure, the number of duplications to in-group and out-group apparatuses is managed separately, thus allowing for copyright protection by stiffening restrictions on content duplication to out-group apparatuses, and for improvements in user convenience by relaxing restrictions on content duplication to in-group apparatuses.
(4) Also, the request may include start information indicating a start time of duplication or deletion of the content, the content duplication management apparatus may further include a time management unit that includes a clock and is operable, when the start time is shown by the clock, to output an operation instruction to the management unit, and the management unit may, on receipt of the operation instruction, (i) reply in the affirmative and update the in-group remaining number or reply in the negative, based on the in-group remaining number, when the playback apparatus is judged to belong to the group, and (ii) reply in the affirmative and update the out-group remaining number or reply in the negative, based on the out-group remaining number, when the playback apparatus is judged to not belong to the group.

According to this structure, duplication/deletion of content is conducted efficiently at a predetermined time, such as when network traffic is low, thus enabling user convenience to be improved.

(5) Also, the request may include a usage expiry date-time of the content, the content duplication management apparatus may further include a time management unit that includes a clock and is operable, when the usage expiry date-time is shown by the clock, to output an operation instruction to the management unit, and the management unit may, on receipt of the operation instruction, (i) add "1" to the in-group remaining number when the playback apparatus is judged to belong to the group, and (ii) add "1" to the out-group remaining number when the playback apparatus is judged to not belong to the group.

According to this structure, unrestricted duplication/usage of content is prevented by limiting content usage to a predetermined usage expiry date-time, thus enabling copyright protection to be strengthened.
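As an added illustration, not part of the original specification, the following Python models the time management unit of items (4) and (5): instead of a real clock it is polled with a clock reading, issues the duplication instruction when a job's start time is reached, and returns the consumed slot to the relevant remaining number when the usage expiry date-time is reached. The class and field names, the counter values and the date-times are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Counters:
    """The holding unit's remaining numbers for one content (constructed)."""
    in_group_remaining: int
    out_group_remaining: int


@dataclass
class TimedJob:
    """A request carrying start information (item 4) and a usage expiry date-time (item 5)."""
    job_id: int
    start_time: datetime
    usage_expiry: datetime
    in_group: bool              # result of the group judgement
    duplicated: bool = False    # set once the affirmative reply has been given


class TimeManagementUnit:
    """Watches an injected clock reading and emits operation instructions when a
    job's start time or usage expiry date-time has been reached (assumed design)."""

    def __init__(self, counters):
        self.counters = counters
        self.jobs = []
        self._next_id = 1

    def accept(self, start_time, usage_expiry, in_group):
        job = TimedJob(self._next_id, start_time, usage_expiry, in_group)
        self._next_id += 1
        self.jobs.append(job)
        return job.job_id

    def tick(self, now):
        """Poll with the clock's current reading; returns (job_id, event, reply) per instruction."""
        events = []
        for job in list(self.jobs):
            name = "in_group_remaining" if job.in_group else "out_group_remaining"
            if not job.duplicated and job.start_time <= now:
                remaining = getattr(self.counters, name)
                if remaining == 0:
                    events.append((job.job_id, "duplicate", False))   # negative reply
                    self.jobs.remove(job)                             # nothing to return at expiry
                    continue
                setattr(self.counters, name, remaining - 1)           # affirmative reply, slot consumed
                job.duplicated = True
                events.append((job.job_id, "duplicate", True))
            if job.duplicated and job.usage_expiry <= now:
                setattr(self.counters, name, getattr(self.counters, name) + 1)  # item 5: slot returned
                self.jobs.remove(job)
                events.append((job.job_id, "expire", True))
        return events


def demo():
    counters = Counters(in_group_remaining=1, out_group_remaining=1)
    unit = TimeManagementUnit(counters)
    t0 = datetime(2002, 8, 28, 2, 0)   # constructed off-peak start time
    unit.accept(t0, t0 + timedelta(hours=2), in_group=True)                           # job 1
    unit.accept(t0 + timedelta(minutes=10), t0 + timedelta(hours=3), in_group=True)   # job 2, refused: count is 0
    unit.accept(t0 + timedelta(minutes=30), t0 + timedelta(hours=1), in_group=False)  # job 3
    readings = [t0 - timedelta(minutes=1), t0, t0 + timedelta(minutes=10),
                t0 + timedelta(minutes=30), t0 + timedelta(hours=1), t0 + timedelta(hours=2)]
    return {"events": [unit.tick(now) for now in readings],
            "final": (counters.in_group_remaining, counters.out_group_remaining)}
```

Job 2 is refused because job 1 consumed the only in-group slot before job 2's start time; its expiry is discarded with it, so a refused request can never inflate the counter later. Both counters are back at their initial values once every granted copy has expired.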

(6) Also, the management unit may notify to the playback apparatus, transfer information showing a number that is less than or equal to at least one of the in-group remaining number and the out-group remaining number, and subtract the number shown by the transfer information from the at least one of the in-group remaining number and the out-group remaining number.

According to this structure, user convenience is improved by dispersing the management authorization to duplicate content, thus dispersing the burden on the system with respect to content duplication and speeding up processing.

(7) Also, the management unit may hold duplication-generation information relating to the content, and (i) reply in the affirmative and update the in-group remaining number or reply in the negative, based on the duplication-generation information and the in-group remaining number, when the playback apparatus is judged to belong to the group, and (ii) reply in the affirmative and update the out-group remaining number or reply in the negative, based on the duplication-generation information and the out-group remaining number, when the playback apparatus is judged to not belong to the group.

According to this structure, the unrestricted diffusion of content is prevented by restricting the generation of a duplicated content, thus enabling copyright protection to be strengthened.

(8) Also, the request may include request-apparatus information unique to the playback apparatus, and the management unit may hold a revocation list showing one or more apparatuses to which content duplication is not permitted, and (i) reply in the affirmative and update the in-group remaining number or reply in the negative, based on the request-apparatus information, the revocation list and the in-group remaining number, when the playback apparatus is judged to belong to the group, and (ii) reply in the affirmative and update the out-group remaining number or reply in the negative, based on the request-apparatus information, the revocation list and the out-group remaining number, when the playback apparatus is judged to not belong to the group.

According to this structure, since duplication of content by illegitimate apparatuses is prevented using a revocation list, copyright protection can be strengthened.

(9) Also, the request may include request-area information showing an area relating to the playback apparatus, and the management unit may hold specified area information that is for restricting an area in which duplication and deletion of the content is executed, and (i) reply in the affirmative and update the in-group remaining number or reply in the negative, based on the request-area information, the specified area information and the in-group remaining number, when the playback apparatus is judged to belong to the group, and (ii) reply in the affirmative and update the out-group remaining number or reply in the negative, based on the request-area information, the specified area information and the out-group remaining number, when the playback apparatus is judged to not belong to the group.

According to this structure, the unrestricted diffusion of content is prevented by geographically restricting the rights of content duplication, thus enabling copyright protection to be strengthened.

(10) Also, the content duplication management apparatus may further include an authentication unit operable to share a session key with the playback apparatus by conducting authentication processing with the playback apparatus; and an encryption/decryption unit operable, if authentication is successful, to encrypt and decrypt communication with the playback apparatus using the session key.

According to this structure, since communication is encrypted, the normal playback of content improperly acquired from a communication channel is prevented, thus enabling copyright protection to be strengthened.

(11) Also, the content duplication management apparatus may further include a request accumulation unit operable to manage the requests using a request-arrival sequence queue, and to have the management unit execute a deletion request that is subsequent in the queue to a duplication request, prior to the duplication request, when the in-group or out-group remaining number is "0".

According to this structure, because requests joined in a queue are efficiently processed by giving priority to executable processing out of the processing shown by the requests in the queue, user convenience is improved.

(12) Also, the network may be a home network connected to an external network, the content may be acquired from outside the home network, and the group judging unit may judge apparatuses connected to the home network as belonging to the group.

According to this structure, the unrestricted diffusion of content to apparatuses connected outside a home network is prevented, thus enabling copyright protection to be strengthened.
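As an added worked example, not code from the original specification, the following Python models the management unit of items (1) to (3), (6) to (9) and (11) in one place: separate in-group and out-group remaining numbers, the duplicate/delete replies, the revocation list, the specified-area and duplication-generation checks, transfer information, and the queue reordering that lets a later deletion run ahead of a blocked duplication. The class names, the encoding of the generation and area information as an integer limit and a set of area codes, and all apparatus and content identifiers are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class ContentEntry:
    """Per-content state held by the holding unit (constructed fields)."""
    in_group_remaining: int      # duplications still permitted to in-group apparatuses
    out_group_remaining: int     # duplications still permitted to out-group apparatuses
    max_generation: int          # assumed encoding of the duplication-generation information (item 7)
    allowed_areas: frozenset     # assumed encoding of the specified area information (item 9)


@dataclass
class Request:
    """One request from a playback apparatus (constructed shape)."""
    kind: str                    # "duplicate" or "delete"
    content_id: str
    apparatus_id: str            # request-apparatus information (item 8)
    in_group: bool               # result of the group judgement, e.g. "on the home network" (item 12)
    generation: int = 0          # generation of the copy the requester already holds (item 7)
    area: str = "JP"             # request-area information (item 9); constructed value


class ManagementUnit:
    def __init__(self, contents, revocation_list=()):
        self.contents = contents                   # holding unit
        self.revoked = frozenset(revocation_list)  # revocation list (item 8)
        self.queue = deque()                       # request-arrival sequence queue (item 11)

    @staticmethod
    def _counter(req):
        return "in_group_remaining" if req.in_group else "out_group_remaining"

    def handle(self, req):
        """Reply True (affirmative) or False (negative) and update the relevant counter."""
        entry = self.contents[req.content_id]
        name = self._counter(req)
        remaining = getattr(entry, name)
        if req.kind == "delete":
            setattr(entry, name, remaining + 1)          # item 3: a deleted copy frees one slot
            return True
        if req.apparatus_id in self.revoked:             # item 8: revoked apparatus, always negative
            return False
        if req.area not in entry.allowed_areas:          # item 9: outside the specified area
            return False
        if req.generation + 1 > entry.max_generation:    # item 7: new copy would exceed the generation limit
            return False
        if remaining == 0:                               # item 2: counter exhausted
            return False
        setattr(entry, name, remaining - 1)              # item 2: consume one slot
        return True

    def issue_transfer(self, content_id, count, in_group):
        """Item 6: hand `count` slots to a playback apparatus as transfer information;
        returns the number transferred (0 if the counter cannot cover it)."""
        entry = self.contents[content_id]
        name = "in_group_remaining" if in_group else "out_group_remaining"
        remaining = getattr(entry, name)
        if count < 1 or count > remaining:
            return 0
        setattr(entry, name, remaining - count)
        return count

    def enqueue(self, req):
        self.queue.append(req)

    def process_queue(self):
        """Item 11: when the head duplication request is blocked by a counter at 0,
        execute a later deletion request on the same counter first."""
        results = []
        while self.queue:
            head = self.queue[0]
            if head.kind == "duplicate" and getattr(self.contents[head.content_id], self._counter(head)) == 0:
                for i in range(1, len(self.queue)):
                    other = self.queue[i]
                    if other.kind == "delete" and other.content_id == head.content_id and other.in_group == head.in_group:
                        del self.queue[i]
                        results.append((other.apparatus_id, other.kind, self.handle(other)))
                        break
            req = self.queue.popleft()
            results.append((req.apparatus_id, req.kind, self.handle(req)))
        return results


def demo():
    """Constructed scenario: one title, in-group count 3, out-group count 0, first-generation copies only."""
    contents = {"movie": ContentEntry(3, 0, max_generation=1, allowed_areas=frozenset({"JP"}))}
    unit = ManagementUnit(contents, revocation_list=["revoked-player"])
    single = [
        unit.handle(Request("duplicate", "movie", "living-room-tv", True)),            # True, in-group 3 -> 2
        unit.handle(Request("duplicate", "movie", "friend-pc", False)),                # False, out-group is 0
        unit.handle(Request("duplicate", "movie", "revoked-player", True)),            # False, revocation list
        unit.handle(Request("duplicate", "movie", "bedroom-tv", True, generation=1)),  # False, 2nd-generation copy
        unit.handle(Request("duplicate", "movie", "portable", True, area="US")),       # False, outside the area
    ]
    transfers = [unit.issue_transfer("movie", 2, True), unit.issue_transfer("movie", 1, True)]  # 2, then 0
    unit.enqueue(Request("duplicate", "movie", "kitchen-tv", True))    # blocked: in-group count is now 0
    unit.enqueue(Request("delete", "movie", "living-room-tv", True))   # executed first, frees a slot
    return {"single": single, "transfers": transfers, "queued": unit.process_queue(),
            "final": (contents["movie"].in_group_remaining, contents["movie"].out_group_remaining)}
```

The checks run in a fixed order: revocation, area and generation are decided before the counter is consulted, so a refused request never touches the remaining number. In the queue step the deletion from living-room-tv is pulled ahead of kitchen-tv's duplication only because both act on the same (in-group) counter; a deletion by an out-group apparatus would not unblock it.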

(13) A content duplication management method of the present invention is for managing duplication and deletion of content with respect to a playback apparatus connected to a network, based on requests acquired from the playback apparatus, and including the steps of: judging whether the playback apparatus belongs to a predetermined group; holding an in-group remaining number and an out-group remaining number, the in-group remaining number being a remaining number of duplications of the content permitted of apparatuses belonging to the group, and the out-group remaining number being a remaining number of duplications of the content permitted of apparatuses not belonging to the group; and in response to a request acquired from the playback apparatus, (i) replying in the affirmative and updating the in-group remaining number or replying in the negative, based on the in-group remaining number, when the playback apparatus is judged to belong to the group, and (ii) replying in the affirmative and updating the out-group remaining number or replying in the negative, based on the out-group remaining number, when the playback apparatus is judged to not belong to the group.

According to this structure, the number of duplications to in-group and out-group apparatuses is managed separately, thus allowing for copyright protection by stiffening restrictions on content duplication to out-group apparatuses, and for improvements in user convenience by relaxing restrictions on content duplication to in-group apparatuses.

(14) A computer program of the present invention is applied in a content duplication management apparatus that manages duplication and deletion of content with respect to a playback apparatus connected to a network, based on requests acquired from the playback apparatus, and includes the steps of: judging whether the playback apparatus belongs to a predetermined group; holding an in-group remaining number and an out-group remaining number, the in-group remaining number being a remaining number of duplications of the content permitted of apparatuses belonging to the group, and the out-group remaining number being a remaining number of duplications of the content permitted of apparatuses not belonging to the group; and in response to a request acquired from the playback apparatus, (i) replying in the affirmative and updating the in-group remaining number or replying in the negative, based on the in-group remaining number, when the playback apparatus is judged to belong to the group, and (ii) replying in the affirmative and updating the out-group remaining number or replying in the negative, based on the out-group remaining number, when the playback apparatus is judged to not belong to the group.

According to this structure, the number of duplications to in-group and out-group apparatuses is managed separately, thus allowing for copyright protection by stiffening restrictions on content duplication to out-group apparatuses, and for improvements in user convenience by relaxing restrictions on content duplication to in-group apparatuses.

(15) Also, a playback apparatus of the present invention requests duplication and deletion of content, with respect to a content duplication management apparatus that manages duplication and deletion of the content, the playback apparatus including: a request unit operable to request duplication or deletion of the content; a group notifying unit operable to notify to the content duplication management apparatus, group information showing a group that the playback apparatus belongs to; an acquiring unit operable to acquire from the content duplication management apparatus, permission information showing whether the request is permitted; and an execution unit operable to duplicate or delete the content, based on the permission information.

According to this structure, because information relating to an affiliated group is provided to a management apparatus that separately manages the number of duplications to in-group and out-group apparatuses, and content is duplicated based on the response to the information provided, copyright protection can be provided by stiffening restrictions on content duplication in the case of out-group apparatuses, and user convenience can be improved by relaxing restrictions on content duplication in the case of in-group apparatuses.

(16) Also, the playback apparatus may further include a broadcast transmitting unit operable to broadcast to apparatuses over a network, identification information identifying the content whose duplication or deletion is requested; a reply receiving unit operable to receive a response to the broadcasted identification information; and a selecting unit operable to select, based on a predetermined condition, one apparatus from apparatuses that respond to the broadcast. Furthermore, the request unit may request the selected apparatus for permission to duplicate the content.

According to this structure, since it is possible to select, as a delivery apparatus from a plurality of apparatuses, an apparatus that meets a predetermined condition using broadcast communication, user convenience can be improved.

(17) Also, the apparatuses over the network may each have a preset priority level, and the selecting unit may select, from the apparatuses that respond, the apparatus having the highest priority level.

According to this structure, because duplication processing is executed after selecting, as the delivery apparatus, an apparatus having the highest priority level among apparatuses that respond, user convenience can be improved.

(18) Also, the apparatuses over the network may each prehold capability information showing an information processing capability of the apparatus, the response may include the capability information, and the selecting unit may select, from the apparatuses that respond, the apparatus having capability information that shows the highest information processing capability.

According to this structure, because duplication processing is executed after selecting, as the delivery apparatus, an apparatus having the highest information processing capability among apparatuses that respond, user convenience can be improved.

(19) Also, the selecting unit may select the first apparatus to respond.

According to this structure, because duplication processing is executed after selecting the first apparatus to respond as the delivery apparatus, user convenience can be improved.

(20) Also, the selecting unit may select, from the apparatuses that respond, the apparatus having the shortest round-trip time between an ICMP echo request message and an ICMP echo reply message.

According to this structure, because duplication processing is executed after selecting as the delivery apparatus the apparatus able to communicate the fastest, user convenience can be improved.

(21) Also, the content duplication management apparatus may notify to the playback apparatus, transfer information showing a number that is less than or equal to at least one of the in-group remaining number and the out-group remaining number, and the playback apparatus may further include a management unit operable to acquire the transfer information, and to permit decryption of the content within a range of the number shown by the transfer information, with respect to another apparatus.

According to this structure, since duplication management of content is executed in conjunction with a delivery apparatus by receiving transfer of management authorization to duplicate content with respect to another apparatus, efficient duplication of content becomes possible while reducing the burden of content duplication management, thus enabling user convenience to be improved.
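The broadcast-and-select exchange of items (16) to (21), as an added example that is not part of the original specification: a playback apparatus broadcasts the content identifier, every apparatus holding that content replies, the selecting unit applies one of the four predetermined conditions (highest priority level, highest information processing capability, first to respond, shortest round-trip time), and the chosen delivery apparatus grants or refuses the duplication within the number shown by the transfer information it holds. The fleet, the response delays and the round-trip times are constructed; the ICMP echo measurement of item (20) is replaced by a stored value since the example runs offline.

```python
from dataclasses import dataclass, field


@dataclass
class Apparatus:
    """A networked apparatus that may hold the content (constructed fields)."""
    apparatus_id: str
    priority: int                 # preset priority level (item 17)
    capability: int               # preheld capability information, higher is more capable (item 18)
    response_delay_ms: float      # constructed: how quickly it answers the broadcast (item 19)
    rtt_ms: float                 # constructed stand-in for the ICMP echo round-trip time (item 20)
    held_content: set = field(default_factory=set)
    transfer_remaining: int = 0   # number shown by transfer information it received (item 21)


@dataclass
class Response:
    """Reply to the broadcast identification information (constructed shape)."""
    apparatus_id: str
    priority: int
    capability: int
    arrival_order: int
    rtt_ms: float


def broadcast(content_id, apparatuses):
    """Simulated broadcast: every apparatus holding the content replies; replies are
    returned in arrival order (shortest response delay first)."""
    responders = sorted((a for a in apparatuses if content_id in a.held_content),
                        key=lambda a: a.response_delay_ms)
    return [Response(a.apparatus_id, a.priority, a.capability, order, a.rtt_ms)
            for order, a in enumerate(responders)]


# The four predetermined conditions of items 17 to 20.
SELECTION_POLICIES = {
    "highest_priority": lambda rs: max(rs, key=lambda r: r.priority),
    "highest_capability": lambda rs: max(rs, key=lambda r: r.capability),
    "first_to_respond": lambda rs: min(rs, key=lambda r: r.arrival_order),
    "shortest_rtt": lambda rs: min(rs, key=lambda r: r.rtt_ms),
}


def select_delivery_apparatus(responses, policy):
    """Selecting unit: returns the chosen apparatus id, or None when nobody responded."""
    if not responses:
        return None
    return SELECTION_POLICIES[policy](responses).apparatus_id


def request_duplication(apparatus_id, apparatuses):
    """Item 21: the selected delivery apparatus grants the request only within the number
    shown by its transfer information, consuming one unit per grant."""
    delivery = next(a for a in apparatuses if a.apparatus_id == apparatus_id)
    if delivery.transfer_remaining <= 0:
        return False
    delivery.transfer_remaining -= 1
    return True


def demo():
    fleet = [  # constructed home-network fleet
        Apparatus("ad-server", 3, 5, response_delay_ms=40, rtt_ms=2.0, held_content={"movie"}, transfer_remaining=2),
        Apparatus("living-room-tv", 2, 9, response_delay_ms=10, rtt_ms=0.8, held_content={"movie"}, transfer_remaining=1),
        Apparatus("on-vehicle", 1, 2, response_delay_ms=5, rtt_ms=15.0, held_content={"movie"}),
        Apparatus("ic-card", 9, 1, response_delay_ms=50, rtt_ms=1.0, held_content={"song"}),
    ]
    responses = broadcast("movie", fleet)
    chosen = {policy: select_delivery_apparatus(responses, policy) for policy in SELECTION_POLICIES}
    return {
        "responders": [r.apparatus_id for r in responses],
        "chosen": chosen,
        "first_responder_grant": request_duplication(chosen["first_to_respond"], fleet),
        "priority_grants": [request_duplication(chosen["highest_priority"], fleet) for _ in range(3)],
        "nobody": select_delivery_apparatus(broadcast("song-that-nobody-holds", fleet), "shortest_rtt"),
    }
```

Note that the ic-card has the highest priority level in the fleet but never enters the selection because it does not hold the requested content and therefore does not respond; selection is only ever made among responders. The on-vehicle device answers first yet holds no transfer information, so choosing by response speed alone leads to a refusal, whereas the ad-server grants twice and then refuses once its transferred number is exhausted.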

(22) Also, the permission information may include a usage expiry date-time of the content, and the playback apparatus may further include a clock; and a management unit operable to delete the content when the usage expiry date-time is shown by the clock.

According to this structure, unrestricted duplication/usage of content is prevented by limiting content usage to a predetermined usage expiry date-time, thus enabling copyright protection to be strengthened.

(23) Also, the playback apparatus may further include an authentication unit operable to share a session key with the content duplication management apparatus by conducting authentication processing with the content duplication management apparatus; and an encryption/decryption unit operable, if authentication is successful, to encrypt and decrypt communication with the content duplication management apparatus using the session key.

According to this structure, since communication is encrypted, the normal playback of content improperly acquired from a communication channel is prevented, thus enabling copyright protection to be strengthened.

(24) Also, the playback apparatus may be a recording medium having an IC.

According to this structure, because information relating to an affiliated group is provided to a management apparatus that separately manages the number of duplications to in-group and out-group apparatuses, and content is duplicated based on the response to the information provided, copyright protection can be provided by stiffening restrictions on content duplication in the case of out-group apparatuses, and user convenience can be improved by relaxing restrictions on content duplication in the case of in-group apparatuses.

(25) A playback method of the present invention is for requesting duplication and deletion of content, with respect to a content duplication management apparatus that manages duplication and deletion of the content, the playback method including the steps of: requesting duplication or deletion of the content; notifying to the content duplication management apparatus, group information showing a group that the playback apparatus belongs to; acquiring from the content duplication management apparatus, permission information showing whether the request is permitted; and duplicating or deleting the content, based on the permission information.

According to this structure, because information relating to an affiliated group is provided to a management apparatus that separately manages the number of duplications to in-group and out-group apparatuses, and the management apparatus is made to judge as to whether to stiffen content duplication restrictions to provide copyright protection or to relax content duplication restrictions to improve user convenience, it is possible to duplicate content appropriately based on the judgment result.

(26) A computer program of the present invention is applied in a playback apparatus that requests duplication and deletion of content, with respect to a content duplication management apparatus that manages duplication and deletion of the content, the computer program including the steps of: requesting duplication or deletion of the content; notifying to the content duplication management apparatus, group information showing a group that the playback apparatus belongs to; acquiring from the content duplication management apparatus, permission information showing whether the request is permitted; and duplicating or deleting the content, based on the permission information.

According to this structure, because information relating to an affiliated group is provided to a management apparatus that separately manages the number of duplications to in-group and out-group apparatuses, and the management apparatus is made to judge as to whether to stiffen content duplication restrictions to provide copyright protection or to relax content duplication restrictions to improve user convenience, it is possible to duplicate content appropriately based on the judgment result.
(27) Also, a content duplication management system of the present invention includes a playback apparatus that requests and plays content, and a content duplication management apparatus that is connected to the playback apparatus via a network and manages duplication and deletion of the content with respect to the playback apparatus. The playback apparatus includes: a request unit operable to request duplication or deletion of the content; a group notifying unit operable to notify to the content duplication management apparatus, group information showing a group that the playback apparatus belongs to; an acquiring unit operable to acquire from the content duplication management apparatus, permission information showing whether the request is permitted; and an execution unit operable to duplicate or delete the content, based on the permission information. On the other hand, the content duplication management apparatus includes: a group judging unit operable to judge whether the playback apparatus belongs to a predetermined group, based on the group information notified from the playback apparatus; a holding unit operable to hold an in-group remaining number and an out-group remaining number, the in-group remaining number being a remaining number of duplications of the content permitted of apparatuses belonging to the predetermined group, and the out-group remaining number being a remaining number of duplications of the content permitted of apparatuses not belonging to the predetermined group; and a management unit operable, in response to the request acquired from the playback apparatus, to (i) reply in the affirmative and update the in-group remaining number or reply in the negative, based on the in-group remaining number, when the playback apparatus is judged to belong to the predetermined group, and (ii) reply in the affirmative and update the out-group remaining number or reply in the negative, based on the out-group remaining number, when the playback apparatus is judged to not belong to the predetermined group.

According to this structure, a content duplication management apparatus conducts controls to separately manage the number of duplications to in-group and out-group apparatuses, to provide copyright protection by stiffening restrictions on content duplication to out-group apparatuses, and to improve user convenience by relaxing restrictions on content duplication to in-group apparatuses, and a content playback apparatus operates in accordance with the controls, thus enabling a strengthening of copyright protection and improvements in user convenience to be realized.
(28) Also, the content duplication management apparatus may request an accounting system to manage accounting, when the management unit replies in the affirmative.

According to this structure, it is possible to conduct accounting with respect to content duplication, thus enabling copyright protection to be strengthened.

BRIEF DESCRIPTION OF THE DRAWINGS 

These and other objects, advantages and features of the 
invention will become apparent from the following 
description thereof taken in conjunction with the 
accompanying drawings that illustrate specific embodiments 
of the present invention. 

In the drawings:

Fig. 1 is a block diagram showing an overall structure of a group formation/management system 1;
Fig. 2 is a block diagram showing a structure of an AD server 100;
Fig. 3 shows a structure of registration information;
Fig. 4 is a block diagram showing a structure of a playback apparatus 200;
Fig. 5 is a block diagram showing a structure of an on-vehicle device 300;
Fig. 6 is a block diagram showing a structure of an IC card 400;
Fig. 7 is a flowchart showing SAC establishment processing (cont. in Fig. 8);
Fig. 8 is a flowchart showing SAC establishment processing (cont. from Fig. 7);
Fig. 9 is a flowchart showing operations by which AD server 100 registers playback apparatus 200;
Fig. 10 is a flowchart showing operations by which AD server 100 registers on-vehicle device 300;
Fig. 11 is a flowchart showing operations by which AD server 100 registers on-vehicle device 300;
Fig. 12 is a flowchart showing operations to deliver content;
Fig. 13 is a flowchart showing part of the operations to deliver content;
Fig. 14 is a flowchart showing operations to record content onto a DVD;
Fig. 15 is a flowchart showing operations to withdraw from AD server 100;
Fig. 16 is a block diagram showing a structure of a key delivery system 1000;
Fig. 17 is a block diagram showing a structure of a content server 1001;
Fig. 18 is a block diagram showing a structure of a content storage unit 1011;
Fig. 19 is a block diagram showing a structure of a management information storage unit 1012;
Fig. 20 shows a data structure of a key information table T1001 included in a key-information storage unit 1031;
Fig. 21 shows a data structure of a delivered key information table T1002 included in a delivered key-information storage unit 1032;
Fig. 22 is a block diagram showing a structure of a recording medium 1002;
Fig. 23 shows a data structure of a delivered content key table T1101 included in a usage-key storage unit 1102;
Fig. 24 is a block diagram showing a structure of a playback apparatus 1003;
Fig. 25 is a block diagram showing a structure of a playback apparatus 1004;
Fig. 26 is a flowchart showing content key management processing (cont. in Fig. 27);
Fig. 27 is a flowchart showing content key management processing (cont. from Fig. 28);
Fig. 28 is a flowchart showing authentication processing;
Fig. 29 is a flowchart showing time management processing;
Fig. 30 is a flowchart showing operations at a playback time in playback apparatus 1004;
Fig. 31 is a flowchart showing operations at a playback time in playback apparatus 1003;
Fig. 32 is a flowchart showing operations at a usage time of recording medium 1002 in content server 1001;
Fig. 33 is a flowchart showing operations at a playback time in content server 1001;
Fig. 34 is a flowchart showing key confirmation processing;
Fig. 35 is a flowchart showing operations at a time of advance delivery of a content key;
Fig. 36 is a block diagram showing a structure of a content duplication management system 2000;
Fig. 37 is a block diagram showing a structure of a content 
15 server 2 0 01; 

Figs.3 8A/3 8B show information held by a 

duplication- restrict ion information management unit 
2102 ; 

Fig. 3 9 is a block diagram showing a structure of a playback 
20 apparatus 2 0 02; 

Fig. 40 is a block diagram showing a structure of a playback 

apparatus 2 003 and an internal IC portable recording 

medium 2 0 04; 

Fig. 41 is a block diagram showing a structure of a playback 
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apparatus 2006; 
Fig. 42 is a flowchart showing duplication-source 

determination processing; 
Fig. 43 is a flowchart showing mutual device authentication 

and key sharing operations conducted between a delivery 

apparatus and a request apparatus (cont. in Fig. 44) ; 
Fig. 44 is a flowchart showing mutual device authentication 

and key sharing operations conducted between a delivery 

apparatus and a request apparatus (cont. from Fig. 43) ; 
Fig. 45 is a flowchart showing duplication processing; 
Fig. 46 is a flowchart showing duplication-restriction 

information transfer processing; 
Fig. 47 is a flowchart showing usage period management 

processing to manage content a content whose usage 

expiry date-time has been determined; 
Fig. 48 is a flowchart showing duplication reservation 

processing; 

Fig. 49 is a flowchart showing return processing; 

Fig. 50 is a block diagram showing a structure in which a 
representative device representing a plurality of 
client devices registers in an AD server 600; 

Fig. 51 shows conceptually the formation of a single group 
from a plurality of groups; and 

Fig. 52 shows conceptually the division of a single group to 
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form a plurality of groups. 



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE 
INVENTION 

An embodiment of the present invention will now be described in detail with reference to the drawings.

1 . Structure of Group Formation/Management System 

As shown in Fig. 1, a group formation/management system 1 is structured from an authorized domain (AD) server 100, a playback apparatus 200, an on-vehicle device 300, an IC card 400, and a DVD 500.

AD server 100 and playback apparatus 200, which is connected to a monitor 251 and a speaker 252, are disposed in a user's home and are connected online. On-vehicle device 300 is mounted in a vehicle owned by the user. IC card 400 and DVD 500 are connectable to AD server 100 and on-vehicle device 300. IC card 400 is affiliated with AD server 100, and AD server 100 only operates when IC card 400 is connected thereto.

Group formation/management system 1 is a system in 
which AD server 100 manages an authorized domain (AD) , being 
a range within which content usage is permitted. 

AD server 100 receives and manages the registration of client devices, and AD server 100 and registered client devices share common secret information (CSI) generated by AD server 100. Mutual authentication using shared CSI is conducted among devices within the same authorized domain, and when authorization is successful, transmission/reception, copying and the like of content is conducted among these devices. Because the CSI differs between authorized domains, devices not holding the CSI of the authorized domain managed by AD server 100 cannot transmit/receive or copy content available within the authorized domain of AD server 100.

Playback apparatus 200 is connected to AD server 100 and is thus able to conduct authentication and to register as a client device. Also, on-vehicle device 300, although not connected to AD server 100, is able to register as a client device by having CSI stored on IC card 400 and notifying the CSI from IC card 400 to on-vehicle device 300.

1.1 Structure of AD Server 100 

As shown in Fig. 2, AD server 100 is structured from a control unit 101, a secret-key storage unit 102, a public-key-certificate storage unit 103, a CRL storage unit 104, a public-key-encryption processing unit 105, a registration-information storage unit 106, a CSI generation unit 107, a CSI storage unit 108, a content storage unit 109, an encryption unit 110, an ID storage unit 111, a drive unit 112, an input unit 113, a display unit 114, an input/output (IO) unit 115, an input/output (IO) unit 116, a decryption unit 117, a content-key storage unit 118, and an encryption unit 119.

AD server 100 is specifically a computer system 
structured from a microprocessor, a ROM, a RAM, a hard disk 
unit and the like. A computer program is stored on the RAM 
or the hard disk unit. AD server 100 carries out functions 
as a result of the microprocessor operating in accordance 
with the computer program. 

AD server 100 conducts processing to register devices, manage copying of CSI and withdrawals, deliver content, and copy content.



Each of the elements will now be described. 

(1) IO Unit 115, 116, Drive Unit 112

IO unit 115 conducts transmission/reception of data with playback apparatus 200. IO unit 116, when the connection of IC card 400 is detected, outputs the detection to control unit 101. Also, IO unit 116 conducts transmission/reception of data with IC card 400. Drive unit 112 writes/reads data to/from DVD 500.
(2) Secret-Key Storage Unit 102, Public-Key-Certificate Storage Unit 103, CRL Storage Unit 104, Content Storage Unit 109, ID Storage Unit 111, Content-Key Storage Unit 118

ID storage unit 111 stores an ID_1, which is an identifier (ID) unique to AD server 100.

Public-key-certificate storage unit 103 stores a public key certificate (PKC) Cert_1.

PKC Cert_1 certifies that a public key PK_1 is the legitimate public key of AD server 100. PKC Cert_1 includes signature data Sig_CA1, public key PK_1, and ID_1. Signature data Sig_CA1 is generated by a certification authority (CA) performing a signature algorithm S on public key PK_1 and ID_1. Here, a CA is a reliable third party authority, and issues public key certificates certifying the legitimacy of the public keys of devices belonging to group formation/management system 1. Moreover, signature algorithm S is, as one example, an ElGamal signature over a finite field. Since ElGamal signatures are known technology, a description is omitted here.

Secret-key storage unit 102 is a tamper-resistant area 
that cannot be viewed from outside, and stores a secret key 
SK_1 corresponding to public key PK_1 . 

CRL storage unit 104 stores a certificate revocation list (CRL). A CRL is a list, issued by a CA, in which are registered the IDs of invalidated devices, which are devices that have conducted improper processing, devices whose secret key has been disclosed, and the like. Moreover, it need not be device IDs that are registered in a CRL, but may be the serial numbers of public key certificates held by invalidated devices. A CRL is distributed to devices, for example, via a broadcast, the Internet or stored on a recording medium such as DVD, and devices obtain the most recent CRL. Moreover, a detailed disclosure of CRLs can be found in the American National Standards Institute's ANSI X9.57: "Public Key Cryptography for the Financial Services Industry: Certificate Management," 1997.

Content storage unit 109 stores encrypted content encrypted using content keys. Moreover, although the method of acquiring a content is not the subject of the present invention and a description is thus omitted here, acquisition methods include, for example, acquiring a content using the Internet, broadcasts or the like, or acquiring content from a recording medium such as a DVD.

Content-key storage unit 118 receives an encrypted content key a from encryption unit 110, and stores the encrypted content key a.
(3) Public-Key-Encryption Processing Unit 105

Public-key-encryption processing unit 105 conducts authentication at a time of communicating with another device, and establishes a secure authenticated channel (SAC). A SAC refers to a safe communication channel that enables encrypted communication. As a result of processing to establish a SAC, it is possible to confirm that the device being authenticated is a legitimate device recognized by the CA. A detailed description of the SAC establishment method is given later. Also, unit 105, as a result of the authentication, shares a session key SK.



(4) Registration-Information Storage Unit 106

Registration-information storage unit 106 is a tamper-resistant area, and stores registration information as shown in Fig. 3A. Registration information is information for managing the number of devices registerable in AD server 100 and the ID of registered devices, and is structured from DEVICE ID, MAXIMUM, REGISTERED, REMAINING, and IC CARD ID.

DEVICE ID is an area storing the ID of devices registered in AD server 100. When playback apparatus 200 and on-vehicle device 300 are registered in AD server 100, an ID_2 and an ID_3, being the respective IDs of devices 200 and 300, are stored, as shown in Fig. 3B.

MAXIMUM shows the maximum number of devices registerable in AD server 100, the maximum number being two in the present embodiment. REGISTERED shows the number of devices already registered in AD server 100. REMAINING shows the remaining number of devices registerable in AD server 100.

In an initial state in which no client devices are registered in the authorized domain managed by AD server 100, the registered number (REGISTERED) is "0", and the remaining number (REMAINING) has the same value as the maximum number (MAXIMUM). When a client device is registered in the authorized domain by AD server 100, "1" is added to the registered number, and "1" is subtracted from the remaining number.

IC CARD ID prestores the ID of IC card 400 affiliated 
with AD server 100, and cannot be rewritten. 

(5) CSI Generation Unit 107, CSI Storage Unit 108

CSI storage unit 108 is a tamper-resistant area storing a CSI that cannot be read from outside, and stores, when no devices are registered in AD server 100, "0" as a value showing that no devices are registered.

CSI generation unit 107 generates CSI when a device is initially registered in AD server 100, under the control of control unit 101. Also, when all devices withdraw, CSI storage unit 108 rewrites the stored value to "0".

Here, CSI is arbitrary data generated by CSI generation unit 107, and has a 200-bit length in the present embodiment. Moreover, the bit length of the CSI is not limited to this, and may be any length that is not readily estimatable, and that cannot be easily tested.

CSI generation unit 107 stores generated CSI in CSI 
storage unit 108. Also, unit 107 outputs generated CSI to 
IC card 400 when connected. 

Moreover, CSI may be updated regularly or irregularly. 

(6) Encryption Unit 110, Encryption Unit 119 

Encryption unit 119, at a time of playback apparatus 200 being registered and under the control of control unit 101, performs an encryption algorithm E on CSI using a session key SK received from public-key-encryption processing unit 105 to generate encrypted CSI, and transmits the encrypted CSI to playback apparatus 200 via IO unit 115. Here, encryption algorithm E is, as one example, a Data Encryption Standard (DES) algorithm. Since DES algorithms are known technology, a description is omitted here.

Encryption unit 110, at a time of storing a content key in content-key storage unit 118, reads ID_1 from ID storage unit 111 and reads CSI from CSI storage unit 108. Unit 110 concatenates the read ID_1 and CSI in the stated order to generate an encryption key a, performs an encryption algorithm E on the content key using encryption key a to generate encrypted content key a, and outputs encrypted content key a to content-key storage unit 118.

Encryption unit 110, at a time of writing an encrypted content onto DVD 500 and under the control of control unit 101, reads ID_2 and ID_3, which are the IDs of the registered devices, from DEVICE ID of the registration information in registration-information storage unit 106. Unit 110 concatenates ID_2 and CSI in the stated order to generate an encryption key b, and concatenates ID_3 and CSI in the stated order to generate an encryption key c. An encrypted content key b and an encrypted content key c are generated respectively using encryption key b and encryption key c, and written to DVD 500.

(7) Decryption Unit 117 

Decryption unit 117, under the control of control unit 101, reads ID_1 stored in ID storage unit 111 and reads CSI stored in CSI storage unit 108. Unit 117 performs a decryption algorithm D on encrypted content key a read from content-key storage unit 118, using a decryption key generated by concatenating the read ID_1 and CSI in the stated order, to obtain a content key. Unit 117 outputs the obtained content key to encryption unit 110. Here, decryption algorithm D is an algorithm for conducting the reverse processing of encryption algorithm E.

(8) Control Unit 101, Input Unit 113, Display Unit 114 

Input unit 113 receives inputs from a user, and outputs 
the received inputs to control unit 101. 

At a time of starting processing, control unit 101, on 
receipt of an IC card ID from connected IC card 400, confirms 
whether the received ID matches the IC card ID in the 
registration information. If not matched, control unit 101 
displays on display unit 114 the fact that the connected IC 
card is not the IC card affiliated with AD server 100, and 
ends the processing. If matched, control unit 101 continues 
the processing as follows. 

Registration of Playback Apparatus 200

On receipt of a registration request from playback apparatus 200 via IO unit 115, control unit 101 controls public-key-encryption processing unit 105, and establishes a SAC using a CSI initial value "0", by the SAC establishment method to be described later (here, the CSI initial value "0" used at a time of registration indicates that playback apparatus 200 has yet to be registered). From the result of the device authentication at a time of establishing the SAC, control unit 101 judges whether the target device has an authorized public key pair and whether the target device is unregistered. If the target device has the authorized public key pair and CSI having a "0" value, authentication is judged to be successful. If the target device does not hold CSI having a "0" value, control unit 101 judges the target device to already be registered in another authorized domain. Moreover, whether or not the authorized domain in which the target device is registered is the authorized domain managed by AD server 100 may be judged by confirming whether the CSI of the target device matches the CSI stored in CSI storage unit 108.

When judged that the target device is unregistered, control unit 101 reads registration information from registration-information storage unit 106, and judges whether the remaining number of devices is "0". If the remaining number is not "0", control unit 101 judges whether the registered number is "0". If the registered number is "0", control unit 101 controls CSI generation unit 107 to generate CSI, and stores the generated CSI in CSI storage unit 108. If the registered number is not "0", control unit 101 reads CSI from CSI storage unit 108, has the generated or read CSI encrypted by encryption unit 110 to generate encrypted CSI, and outputs the encrypted CSI to playback apparatus 200 via IO unit 115. On receipt from playback apparatus 200 of a receipt notification showing that the outputted CSI has been received, control unit 101 adds "1" to the registered number in the registration information, subtracts "1" from the remaining number, and ends the processing.

If authentication is unsuccessful, or if the target device is registered, or if the remaining number is "0", control unit 101 transmits a registration failure notification to playback apparatus 200 showing that registration is not possible, and ends the processing.

Also, at a time of CSI being generated by CSI generation unit 107, control unit 101 establishes a SAC with IC card 400 and shares session key SK, performs encryption algorithm E on the generated CSI using session key SK to generate encrypted CSI, and transmits the encrypted CSI to IC card 400.

Registration of On-vehicle Device 300

(a) On receipt of an input from input unit 113 showing the copying of CSI when IC card 400, whose ID has already been confirmed, is connected, control unit 101 judges whether the remaining number is "0", and if not "0", transmits a permission right to IC card 400 showing that a once-only copy of CSI is permitted. Control unit 101, on receipt from IC card 400 of a receipt notification, ends the processing.

When the remaining number is "0", control unit 101 displays the fact that copying is not possible on display unit 114, and ends the processing.

(b) When IC card 400 is connected to AD server 100, AD server 100 confirms that the IC card ID has been registered in the registration information, and on receipt of a copy notification showing that CSI has been copied, control unit 101 extracts the ID of the CSI copy target (i.e. on-vehicle device 300), which is included in the copy notification, and stores the extracted ID as a device ID in the registration information. Also, control unit 101 transmits a receipt notification to IC card 400 showing that the copy target ID has been received.

Moreover, although the above description relates to CSI having already been generated, when CSI has not been generated, CSI is generated and transmitted to IC card 400 in the same manner as when playback apparatus 200 is registered.
Content Delivery

On receipt of a content delivery request from playback apparatus 200 via IO unit 115, control unit 101 controls public-key-encryption processing unit 105 to establish a SAC using the SAC establishment method to be described later, and shares session key SK. Since CSI stored in CSI storage unit 108 is used in authentication conducted at the time of establishing the SAC, when authentication is successful, control unit 101 judges that the target device is registered because of the target device holding CSI generated in AD server 100, and when authentication is unsuccessful, control unit 101 judges that the target device is not registered in AD server 100.

When authentication is unsuccessful, control unit 101 transmits a delivery failure notification to playback apparatus 200 showing that distribution of a content is not possible.

When authentication is successful, control unit 101 controls decryption unit 117 to decrypt encrypted content key a stored in content-key storage unit 118 to obtain a content key. Next, control unit 101 controls encryption unit 110 to encrypt the content key using session key SK to generate an encrypted content key s, and transmits encrypted content key s to playback apparatus 200. Also, control unit 101 reads an encrypted content from content storage unit 109, and transmits the encrypted content to playback apparatus 200.

Recording of a Content onto DVD

On receipt of an input from input unit 113 indicating to record a content onto DVD 500, control unit 101 controls decryption unit 117 to decrypt encrypted content key a stored in content-key storage unit 118 to obtain a content key. Next, control unit 101 controls encryption unit 110 to encrypt the content key using encryption key b and encryption key c generated respectively using ID_2 and ID_3 registered in the registration information to generate encrypted content key b and encrypted content key c, and writes the encrypted content keys b and c to DVD 500. Also, control unit 101 reads an encrypted content from content storage unit 109 and writes the encrypted content to DVD 500.

Moreover, the content key may be encrypted using an encryption key generated based on an ID unique to DVD 500, or an encryption key generated based on the DVD 500 ID and CSI.

Withdrawal

On receipt from playback apparatus 200 of a withdrawal request that includes ID_2, control unit 101 controls public-key-encryption processing unit 105 to establish a SAC using the SAC establishment method to be described later. At this time, control unit 101 conducts authentication using CSI stored in CSI storage unit 108. From the authentication result at the time of establishing the SAC, control unit 101 judges whether the device that sent the request is registered, and if the target device is unregistered, control unit 101 transmits an unregistered notification to playback apparatus 200 showing playback apparatus 200 to be unregistered, since it is impossible to withdraw in this case.

When playback apparatus 200 is registered, control unit 101 transmits a deletion notification to playback apparatus 200 indicating to delete CSI. On receipt of a deletion-completed notification from playback apparatus 200 showing that deletion of the CSI has been completed, control unit 101 deletes ID_2 from DEVICE ID in the registration information, subtracts "1" from the registered number, and adds "1" to the remaining number.
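The following Python model is an added illustration, not part of the patent, of the AD server behaviour described in the registration, DVD recording and withdrawal passages above together with the ID||CSI key derivation of encryption unit 110. It assumes a SHA-256 keystream as a stand-in for encryption algorithm E (the description names DES as one example), and it reduces each SAC round trip to handing over the CSI value that authentication revealed.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "0" is the CSI value of an unregistered device and of an AD server with no
# registered clients (CSI storage units 108 and 208 in the description).
CSI_UNREGISTERED = b"0"


def algorithm_e(key: bytes, data: bytes) -> bytes:
    """Stand-in for encryption algorithm E (the page names DES as one example).

    Model assumption: a SHA-256 counter keystream XORed into the data. The
    operation is symmetric, so decryption algorithm D is the same call.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


algorithm_d = algorithm_e  # D reverses E; for an XOR keystream that is E itself


@dataclass
class ADServer:
    """Model of AD server 100: registration information plus key wrapping."""
    id_1: bytes                          # ID_1 from ID storage unit 111
    maximum: int = 2                     # MAXIMUM in the present embodiment
    registered: int = 0                  # REGISTERED
    remaining: int = field(init=False)   # REMAINING, starts equal to MAXIMUM
    device_ids: List[bytes] = field(default_factory=list)  # DEVICE ID
    csi: bytes = CSI_UNREGISTERED        # CSI storage unit 108
    encrypted_content_key_a: bytes = b""  # content-key storage unit 118

    def __post_init__(self) -> None:
        self.remaining = self.maximum

    @staticmethod
    def derive_key(device_id: bytes, csi: bytes) -> bytes:
        # Encryption unit 110: concatenate the ID and the CSI in the stated order.
        return device_id + csi

    def store_content_key(self, content_key: bytes) -> None:
        # Encryption key a = ID_1 || CSI wraps the content key for local storage.
        key_a = self.derive_key(self.id_1, self.csi)
        self.encrypted_content_key_a = algorithm_e(key_a, content_key)

    def register(self, device_id: bytes, device_csi: bytes) -> Optional[bytes]:
        """Registration; device_csi is the CSI that SAC authentication revealed.

        Returns the domain CSI on success (on the page it travels encrypted
        under session key SK). Returns None for every case the page answers
        with a registration failure notification.
        """
        if device_csi != CSI_UNREGISTERED:
            return None  # already registered in some authorized domain
        if self.remaining == 0:
            return None  # remaining number is "0"
        if self.registered == 0:
            # First registration: CSI generation unit 107 produces a 200-bit CSI.
            self.csi = secrets.token_bytes(25)
        self.device_ids.append(device_id)
        self.registered += 1
        self.remaining -= 1
        return self.csi

    def withdraw(self, device_id: bytes, device_csi: bytes) -> bool:
        """Withdrawal; False models the unregistered notification.

        The deletion / deletion-completed exchange is collapsed into one step.
        """
        if device_csi != self.csi or device_id not in self.device_ids:
            return False
        self.device_ids.remove(device_id)
        self.registered -= 1
        self.remaining += 1
        if self.registered == 0:
            self.csi = CSI_UNREGISTERED  # all devices withdrew: CSI back to "0"
        return True

    def record_to_dvd(self) -> Dict[bytes, bytes]:
        """Recording onto DVD: re-wrap the content key once per registered ID."""
        key_a = self.derive_key(self.id_1, self.csi)
        content_key = algorithm_d(key_a, self.encrypted_content_key_a)
        return {dev: algorithm_e(self.derive_key(dev, self.csi), content_key)
                for dev in self.device_ids}


def device_unwrap_dvd_key(device_id: bytes, device_csi: bytes,
                          dvd_keys: Dict[bytes, bytes]) -> bytes:
    """Client side (e.g. on-vehicle device 300 with key c): own ID || own CSI."""
    return algorithm_d(device_id + device_csi, dvd_keys[device_id])
```

A third registration against MAXIMUM of two, or a device that already holds a non-"0" CSI, both come back as None, which is the single registration failure notification the description specifies for all three refusal causes.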



1.2 Structure of Playback Apparatus 200

As shown in Fig. 4, playback apparatus 200 is structured from a control unit 201, a secret-key storage unit 202, a public-key-certificate storage unit 203, a CRL storage unit 204, a public-key-encryption processing unit 205, a CSI storage unit 208, a content storage unit 209, an ID storage unit 211, an input unit 213, an input/output (IO) unit 215, a decryption unit 217, an encryption unit 218, a content-key storage unit 219, a decryption unit 220, and a playback unit 221. A monitor 251 and a speaker 252 are connected to playback unit 221.

Playback apparatus 200 is a computer system the same as AD server 100, and a computer program is stored in the RAM or the hard disk unit. Playback apparatus 200 carries out functions as a result of the microprocessor operating in accordance with the computer program.

(1) IO Unit 215

IO unit 215 conducts transmission/reception of data with AD server 100.

(2) Secret-Key Storage Unit 202, Public-Key-Certificate Storage Unit 203, CRL Storage Unit 204, CSI Storage Unit 208, ID Storage Unit 211

CRL storage unit 204 stores the most recent CRL.

ID storage unit 211 stores ID_2, which is the ID unique to playback apparatus 200.

CSI storage unit 208 is a tamper-resistant area, and stores "0" showing playback apparatus 200 to be unregistered. When playback apparatus 200 is registered in AD server 100, CSI storage unit 208 stores CSI acquired from AD server 100.

Public-key-certificate storage unit 203 stores a PKC Cert_2 issued by the CA. PKC Cert_2 includes a public key PK_2 of playback apparatus 200, ID_2 of playback apparatus 200, and signature data Sig_CA2 generated by the CA performing signature algorithm S on public key PK_2 and ID_2.

Secret-key storage unit 202 is a tamper-resistant area, and stores a secret key SK_2 corresponding to public key PK_2 of playback apparatus 200.

(3) Public-Key-Encryption Processing Unit 205

Public-key-encryption processing unit 205 establishes a SAC by the SAC establishment method to be described later, at a time of communicating with AD server 100, and shares session key SK. Unit 205 outputs the shared session key SK to decryption unit 217.

(4) Decryption Unit 217, Decryption Unit 220

Decryption unit 217, at a time of a content being distributed from AD server 100, performs decryption algorithm D on encrypted content key s delivered from AD server 100, using session key SK shared by public-key-encryption processing unit 205, to obtain a content key. Here, decryption algorithm D is an algorithm for conducting the reverse processing of encryption algorithm E.

Also, at a time of playing a content once stored, decryption unit 217 reads ID_2 from ID storage unit 211, reads CSI from CSI storage unit 208, and concatenates the read ID_2 and CSI in the stated order to generate a decryption key b. Decryption unit 217 performs decryption algorithm D on encrypted content key b read from content-key storage unit 219, using the generated decryption key b, to obtain a content key, and outputs the obtained content key to decryption unit 220.

Decryption unit 220 reads an encrypted content stored in content storage unit 209, performs decryption algorithm D on the encrypted content using the content key received from decryption unit 217 to obtain a content, and outputs the obtained content to playback unit 221.

(5) Encryption Unit 218

Encryption unit 218, at a time of storing a content acquired from AD server 100, reads ID_2 from ID storage unit 211, and reads CSI from CSI storage unit 208. Unit 218 concatenates the read ID_2 and CSI in the stated order to generate encryption key b, performs encryption algorithm E on the content key received from decryption unit 217 using the generated encryption key b to generate encrypted content key b, and outputs encrypted content key b to content-key storage unit 219.
(6) Content Storage Unit 209, Content-Key Storage Unit 219

Content storage unit 209 stores encrypted content transmitted from AD server 100.

Content-key storage unit 219 stores encrypted content key b encrypted by encryption unit 218.

(7) Control Unit 201, Input Unit 213

Registration

On receipt by input unit 213 of an input indicating to start the registration processing, control unit 201 reads ID_2 from ID storage unit 211, transmits a registration request that includes ID_2 to AD server 100 via IO unit 215, and establishes a SAC by the SAC establishment method to be described later.

Control unit 201, on receipt from AD server 100 of a registration failure notification, displays the fact that registration is not possible on monitor 251, and ends the registration processing.

Control unit 201, on receipt from AD server 100 of encrypted CSI, controls decryption unit 217 to decrypt the encrypted CSI to obtain CSI, and stores the obtained CSI in CSI storage unit 208. Also, unit 201 transmits a receipt notification to AD server 100 showing that the CSI has been received.
Content Delivery

On receipt by input unit 213 of an input indicating to acquire and play back a content, control unit 201 transmits a delivery request to AD server 100.

Control unit 201, on receipt of a delivery failure notification from AD server 100, displays the fact that delivery is not possible on monitor 251, and ends the processing.

When a received content is to be played, control unit 201, on receipt of encrypted content key s from AD server 100, controls decryption unit 217 to decrypt encrypted content key s to obtain a content key. Also, on receipt of an encrypted content from AD server 100, control unit 201 controls decryption unit 220 to decrypt the encrypted content to obtain a content, and has playback unit 221 play the content.

Playback after Accumulating a Content

On receipt by input unit 213 of an input indicating to acquire and accumulate content, control unit 201 conducts the same processing as above to acquire content. Once content has been acquired, control unit 201 has decryption unit 217 decrypt encrypted content key s received from AD server 100, and controls encryption unit 218 to encrypt the decrypted content key, and stores the encrypted content key in content-key storage unit 219 as encrypted content key b. Also, on receipt of encrypted content from AD server 100, control unit 201 stores the encrypted content in content storage unit 209.

On receipt by input unit 213 of an input indicating to play back content stored in content storage unit 209, control unit 201 controls decryption unit 217 to decrypt encrypted content key b, has decryption unit 220 decrypt the encrypted content to obtain content, and has playback unit 221 play the content.

Withdrawal

On receipt by input unit 213 of an input indicating to start withdrawal processing, control unit 201 establishes a SAC by the SAC establishment method to be described later.

Control unit 201, on receipt of an unregistered notification from AD server 100, displays on monitor 251 the fact that playback apparatus 200 is not registered in AD server 100, and ends the processing.

Control unit 201, on receipt of a deletion notification from AD server 100, deletes CSI stored in CSI storage unit 208, and stores "0" in CSI storage unit 208 showing playback apparatus 200 to be unregistered. Also, control unit 201 transmits a deletion-completed notification that notifies AD server 100 that deletion of the CSI has been completed.

(8) Playback Unit 221 

Playback unit 221 generates video signals from 
content received from decryption unit 220, and 
outputs the generated video signals to monitor 251. Also, 
unit 221 generates audio signals from received 
content, and outputs the generated audio signals to 
speaker 252. 

1.4 Structure of On-Vehicle Device 300 

As shown in Fig. 5, on-vehicle device 300 is structured 
from a control unit 301, a secret-key storage unit 302, a 
public-key-certificate storage unit 303, a CRL storage unit 
304, a public-key-encryption processing unit 305, a CSI 
storage unit 308, an ID storage unit 311, a drive unit 312, 
an input unit 313, an input/output (IO) unit 316, decryption 
units 317, 318 and 320, a playback unit 321, a monitor 322 
and a speaker 323. 

On-vehicle device 300 is a computer system the same as AD 
server 100, and a computer program is stored on the RAM or 
the hard disk unit. On-vehicle device 300 carries out 
functions as a result of the microprocessor operating in 
accordance with the computer program. 

(1) Drive Unit 312, IO Unit 316 

Drive Unit 312 reads encrypted content key c from DVD 
500, and outputs encrypted content key c to decryption unit 
318. Also, unit 312 reads an encrypted content and outputs 
the encrypted content to decryption unit 320. 

IO unit 316 conducts transmission/reception of data 
with IC card 400, under the control of control unit 301. 

(2) Secret-Key Storage Unit 302, Public-Key-Certificate 
Storage Unit 303, CRL Storage Unit 304, CSI Storage Unit 308, 
ID Storage Unit 311 

CRL storage unit 304 stores the most recent CRL. 

ID storage unit 311 stores ID_3, which is the ID unique 
to on-vehicle device 300. 

CSI storage unit 308 is a tamper-resistant area, and 
stores "0" showing on-vehicle device 300 to be unregistered. 
On receipt from IC card 400 of CSI generated by AD server 
100, unit 308 stores the received CSI. 

Public-key-certificate storage unit 303 stores a PKC 
Cert_3 issued by the CA. PKC Cert_3 includes a public key 
PK_3 and ID_3 of on-vehicle device 300, and signature data 
Sig_CA3 generated by the CA performing signature algorithm 
S on public key PK_3 and ID_3. 

Secret-key storage unit 302 is a tamper-resistant area, 
and stores a secret key SK_3 corresponding to public key PK_3. 

(3) Public-Key-Encryption Processing Unit 305 

Public-key-encryption processing unit 305 conducts 
authentication with IC card 400, under the control of control 
unit 301, and establishes a SAC by the SAC establishment 
method to be described later. Also, unit 305 outputs session 
key SK shared at this time to decryption unit 317. 

(4) Decryption Units 317, 318, 320 

Decryption unit 317, on receipt of encrypted CSI from 
IC card 400 and under the control of control unit 301, performs 
decryption algorithm D on the encrypted CSI using session 
key SK received from public-key-encryption processing unit 
305 to obtain CSI, and outputs the obtained CSI to CSI storage 
unit 308. 

At a time of playing a content, decryption unit 
318, on receipt of encrypted content key c from drive unit 
312, reads ID_3 from ID storage unit 311 and reads CSI from 
CSI storage unit 308. Unit 318 concatenates the read ID_3 
and CSI in the stated order to generate decryption key c. 
Unit 318 performs decryption algorithm D on encrypted content 
key c using decryption key c to obtain a content key, and 
outputs the obtained content key to decryption unit 320. 

Decryption unit 320 receives an encrypted content from 
drive unit 312 and a content key from decryption unit 318. 
Unit 320 performs decryption algorithm D on the encrypted 
content using the received content key to obtain a 
content, and outputs the obtained content to playback 
unit 321. 

(5) Control Unit 301, Input Unit 313 

Control unit 301, when IC card 400 is connected to 
on-vehicle device 300, controls public-key-encryption 
processing unit 305 to establish a SAC. At this time, unit 
301 uses the "0" stored in CSI storage unit 308 as CSI. If 
device authentication is unsuccessful, unit 301 ends the 
processing. Also, when a registered notification is received 
from IC card 400, unit 301 displays the fact that on-vehicle 
device 300 is registered on monitor 322, and ends the 
processing. Unit 301, on receipt of encrypted CSI from IC 
card 400 via IO unit 316, controls decryption unit 317 to 
decrypt the encrypted CSI to obtain CSI, and stores the 
obtained CSI in CSI storage unit 308. Also, unit 301 transmits 
a receipt notification to IC card 400 showing that the CSI 
has been received. 

Moreover, copying of CSI from on-vehicle device 300 to 
other devices is not conducted. 

Control unit 301, on receipt of an input from input unit 
313 indicating to view a content recorded on DVD 500, 
controls drive unit 312 to read encrypted content key c and 
an encrypted content from DVD 500. Unit 301 has encrypted 
content key c decrypted by decryption unit 318 to obtain a 
content key, and has the encrypted content decrypted by 
decryption unit 320 to obtain a content. Also, unit 
301 controls playback unit 321 to play the obtained content. 

(6) Playback Unit 321, Monitor 322, Speaker 323 

Playback unit 321 generates video signals and audio 
signals from received content, outputs the generated 
video and audio signals to monitor 322 and speaker 323 
respectively, and plays the content. 

1.3 Structure of IC Card 400 

As shown in Fig. 6, IC card 400 is structured from a 
control unit 401, a secret-key storage unit 402, a 
public-key-certificate storage unit 403, a CRL storage unit 
404, a public-key-encryption processing unit 405, a CSI 
storage unit 408, an ID storage unit 411, an input/output 
(IO) unit 416, a decryption unit 417, an encryption unit 418, 
and an ID storage unit 420. 

IC card 400 is connectable to AD server 100 and 
on-vehicle device 300. IC card 400 is used as a device within 
the authorized domain at a time of registering devices such 
as on-vehicle device 300 that are not connectable with AD 
server 100. 

(1) Secret-Key Storage Unit 402, Public-Key-Certificate 
Storage Unit 403, CRL Storage Unit 404, CSI Storage Unit 408, 
ID Storage Unit 411, ID Storage Unit 420 

CRL storage unit 404 stores the most recent CRL. 

ID storage unit 411 stores an ID_4, which is an ID unique 
to IC card 400. 

CSI storage unit 408 is a tamper-resistant area, and 
when a client device has not been registered in AD server 
100, stores "0" showing that a client device has yet to be 
registered. When CSI is generated by AD server 100, unit 408 
stores CSI obtained from AD server 100 in correspondence with 
"0", which is the copy frequency. Here, the copy frequency 
is the number of times that copying of CSI to other client 
devices is permitted. 

Public-key-certificate storage unit 403 stores a PKC 
Cert_4 issued by the CA. PKC Cert_4 includes a public key 
PK_4 and ID_4 of IC card 400, and signature data Sig_CA4 
generated by the CA performing signature algorithm S on 
public key PK_4 and ID_4. 

Secret-key storage unit 402 is a tamper-resistant area, 
and stores a secret key SK_4 corresponding to public key PK_4. 

ID storage unit 420 is an area storing the ID of a CSI 
copy target. 

(2) Public-Key-Encryption Processing Unit 405 

Public-key-encryption processing unit 405, under the 
control of control unit 401, establishes a SAC with AD server 
100, shares session key SK, and outputs the shared session 
key SK to decryption unit 417. 

Also, unit 405 establishes a SAC with on-vehicle device 
300 and shares session key SK, and outputs the shared session 
key SK to encryption unit 418. 

(3) Decryption Unit 417 

Decryption unit 417, on receipt of encrypted CSI via 
IO unit 416 and under the control of control unit 401, performs 
decryption algorithm D on the encrypted CSI using session 
key SK received from public-key-encryption processing unit 
405 to obtain CSI, and stores the obtained CSI in CSI storage 
unit 408. 

(4) Encryption Unit 418 
Encryption unit 418, under the control of control unit 
401, reads CSI from CSI storage unit 408, receives session 
key SK from public-key-encryption processing unit 405, 
performs encryption algorithm E on the CSI using session key 
SK to generate encrypted CSI, and transmits the encrypted 
CSI to on-vehicle device 300. 

(5) Control Unit 401, IO Unit 416 

When IC card 400 is connected to AD server 100, control 
unit 401 reads ID_4 from ID storage unit 411, and transmits 
the read ID_4 to AD server 100. 

At a time of receiving CSI from AD server 100, control 
unit 401 controls public-key-encryption processing unit 405 
to establish a SAC with AD server 100 and share session key 
SK, and on receipt of encrypted CSI, unit 401 has the encrypted 
CSI decrypted by decryption unit 417 to obtain CSI, and stores 
the obtained CSI in CSI storage unit 408. 

At a time of registering on-vehicle device 300, control 
unit 401, on receipt of a permission right from AD server 
100, adds "1" to the copy frequency stored in correspondence 
with the CSI, and transmits a receipt notification to AD 
server 100. 

When IC card 400 is connected to on-vehicle device 300, 
control unit 401 controls public-key-encryption processing 
unit 405 to establish a SAC, and shares session key SK. At 
this time, unit 401 conducts authentication using the initial 
value "0" as CSI, and from the authentication result, judges 
whether on-vehicle device 300 is unregistered. If 
authentication is unsuccessful, unit 401 judges on-vehicle 
device 300 to be registered, transmits a registered 
notification to on-vehicle device 300, and ends the 
processing. When authentication is successful, unit 401 
judges on-vehicle device 300 to be unregistered, and stores 
ID_3 of on-vehicle device 300 received at the time of 
authentication in ID storage unit 420. Unit 401 reads CSI 
stored in CSI storage unit 408, has the read CSI encrypted 
by encryption unit 418 to generate encrypted CSI, and 
transmits the encrypted CSI to on-vehicle device 300. Unit 
401, on receipt of a receipt notification from on-vehicle 
device 300, subtracts "1" from the copy frequency and ends 
the processing. Control unit 401, when IC card 400 is 
connected to AD server 100, reads ID_4 from ID storage unit 
411, and transmits the read ID_4 to AD server 100. Also, unit 
401 reads the ID of the CSI copy target from ID storage unit 
420, and sends a copy notification that includes the read 
ID to AD server 100. On receipt from AD server 100 of a receipt 
notification, unit 401 ends the processing. 

2. Operations of Group Formation/Management System 1 
2.1 SAC Operations 

Operations at a time of establishing a SAC will be 
described using Figs. 7 and 8. 

Moreover, since this SAC establishment method is used 
in the mutual authentication of any of AD server 100, playback 
apparatus 200, on-vehicle device 300, and IC card 400, the 
devices conducting authentication here are referred to 
simply as device A and device B. Also, although CSI used in 
authentication can be "0" showing unregistered or values 
generated by AD server 100, here it is described simply as 
"CSI". 

Here, Gen() is a key generation function and Y is a 
system-unique parameter. Also, key generation function Gen() 
is a function that satisfies a relation Gen(x, Gen(Y, z)) = 
Gen(Y, Gen(x, z)). Moreover, since key generation functions 
are realizable by arbitrary known technology, the details 
of such functions will not be referred to here. As one example, 
a Diffie-Hellman (DH) public key delivery method is disclosed 
in Nobuichi IKENO, Kenji KOYAMA, Modern Cryptosystems, 
IEICE. 

Device A reads PKC Cert_A (step S11), and transmits the 
read PKC Cert_A to device B (step S12). 

Device B, having received PKC Cert_A, conducts 
signature verification by performing a signature 
verification algorithm V on signature data Sig_CA included 
in the PKC Cert_A, using a public key PK_CA of the CA (step 
S13). If verification is unsuccessful (step S14 = NO), device 
B ends the processing. If verification is successful (step 
S14 = YES), device B reads a CRL (step S15), and judges whether 
ID_A included in the received PKC Cert_A is registered in 
the CRL (step S16). If judged to be registered (step S16 = 
YES), device B ends the processing. If judged to be not 
registered (step S16 = NO), device B reads PKC Cert_B of device 
B (step S17), and transmits the read PKC Cert_B to device 
A (step S18). 

Device A, on receipt of PKC Cert_B, conducts signature 
verification by performing signature verification algorithm 
V on signature data Sig_CA included in the PKC Cert_B, using 
public key PK_CA (step S19). If verification is unsuccessful 
(step S20 = NO), device A ends the processing. If verification 
is successful (step S20 = YES), device A reads a CRL (step 
S21), and judges whether ID_B included in the received PKC 
Cert_B is registered in the CRL (step S22). If judged to be 
registered (step S22 = YES), device A ends the processing. 
If judged to be not registered (step S22 = NO), device A 
continues the processing. 

Device B generates a random number Cha_B (step S23), 
and transmits generated random number Cha_B to device A (step 
S24). 

Device A, on receipt of random number Cha_B, 
concatenates Cha_B and CSI in the stated order to generate 
Cha_B || CSI (step S25), performs signature algorithm S on the 
generated Cha_B || CSI using a secret key SK_A of device A to 
generate signature data Sig_A (step S26), and transmits the 
generated signature data Sig_A to device B (step S27). 

Device B, on receipt of signature data Sig_A, conducts 
signature verification by performing signature verification 
algorithm V on the received signature data Sig_A using PK_A 
included in Cert_A received at step S12 (step S28), and if 
verification is unsuccessful (step S29 = NO), device B ends 
the processing, and if successful (step S29 = YES), device 
B continues the processing. 

Device A generates a random number Cha_A (step S30) , 
and transmits generated random number Cha_A to device B (step 
S31) . 

Device B concatenates the received Cha_A and CSI in 
the stated order to generate Cha_A || CSI (step S32), performs 
signature algorithm S on the generated Cha_A || CSI using a 
secret key SK_B of device B to generate signature data Sig_B 
(step S33), and transmits the generated signature data Sig_B 
to device A (step S34). 
Device A, on receipt of signature data Sig_B, conducts 
signature verification by performing signature verification 
algorithm V on signature data Sig_B using PK_B included in 
Cert_B received at step S18 (step S35), and if verification 
is unsuccessful (step S36 = NO), device A ends the processing. 
If successful (step S36 = YES), device A generates a random 
number "a" (step S37), generates Key_A = Gen(a, Y) using 
generated random number "a" (step S38), and transmits the 
generated Key_A to device B (step S39). 

Device B, on receipt of Key_A, generates a random number 
"b" (step S40), and generates Key_B = Gen(b, Y) using 
generated random number "b" (step S41). Device B transmits 
the generated Key_B to device A (step S42). Also, device B 
generates Key_AB = Gen(b, Key_A) = Gen(b, Gen(a, Y)) using 
generated random number "b" and the received Key_A (step 
S43), and generates session key SK = Gen(CSI, Key_AB) using 
Key_AB and the CSI (step S44). 

Device A, on receipt of Key_B, generates Key_AB = 
Gen(a, Key_B) = Gen(a, Gen(b, Y)) using generated random number 
"a" and the received Key_B (step S45), and generates session 
key SK = Gen(CSI, Key_AB) using the generated Key_AB and the 
CSI (step S46). 
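
The SAC establishment of steps S11 to S46, traced end to end as an added example (not code from the patent): certificate checks against PK_CA and the CRL, the two Cha || CSI challenge-response signatures, and the Gen-based key agreement that folds CSI into session key SK. It assumes Gen(x, z) is modelled as modular exponentiation (which satisfies the stated relation Gen(x, Gen(Y, z)) = Gen(Y, Gen(x, z))), signature algorithm S and verification algorithm V as textbook RSA over a SHA-256 digest with fixed Mersenne-prime moduli (toy sizes, for illustration only), and CSI as an integer with 0 as the unregistered value.

```python
"""Model of the SAC establishment of section 2.1 (steps S11 to S46).
Added example, not the patent's code. Gen, S and V are toy stand-ins
(assumptions): modular exponentiation and small textbook RSA."""
import hashlib
import secrets
from dataclasses import dataclass

P = 2**127 - 1      # modulus for the toy Gen (assumption: a Mersenne prime)
Y = 3               # system-unique parameter Y of the patent
E = 65537           # RSA public exponent for the toy S / V


def gen(x: int, z: int) -> int:
    """Gen(x, z) = z ** e(x) mod P. Exponents commute, which is exactly the
    relation Gen(x, Gen(Y, z)) == Gen(Y, Gen(x, z)) the patent requires.
    e(x) is hash-derived and forced odd so CSI "0" still yields a usable key."""
    e = int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") | 1
    return pow(z, e, P)


def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(sk: tuple, msg: bytes) -> int:              # signature algorithm S
    d, n = sk
    return pow(digest(msg) % n, d, n)


def verify(pk: tuple, msg: bytes, sig: int) -> bool:  # verification algorithm V
    e, n = pk
    return pow(sig, e, n) == digest(msg) % n


def keypair(p: int, q: int) -> tuple:
    """Toy RSA key pair from two fixed primes: ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)


@dataclass
class Cert:            # PKC Cert_X: (PK_X, ID_X) plus the CA's signature on them
    pk: tuple
    dev_id: str
    sig_ca: int


@dataclass
class Device:
    dev_id: str
    pk: tuple
    sk: tuple
    cert: Cert
    csi: int           # 0 while unregistered, else the value from AD server 100


class SacFailure(Exception):
    """Raised with the patent step at which a device 'ends the processing'."""


CA_PK, CA_SK = keypair(2**127 - 1, 2**61 - 1)     # the CA (constructed)


def make_device(dev_id: str, p: int, q: int, csi: int) -> Device:
    pk, sk = keypair(p, q)
    cert = Cert(pk, dev_id, sign(CA_SK, repr(pk).encode() + dev_id.encode()))
    return Device(dev_id, pk, sk, cert, csi)


def check_cert(cert: Cert, crl: set, fail_steps: tuple) -> None:
    """S13-S16 / S19-S22: verify Sig_CA with PK_CA, then reject IDs on the CRL."""
    if not verify(CA_PK, repr(cert.pk).encode() + cert.dev_id.encode(), cert.sig_ca):
        raise SacFailure(fail_steps[0])
    if cert.dev_id in crl:
        raise SacFailure(fail_steps[1])


def challenge_response(signer: Device, verifier: Device, cha: int, fail_step: str) -> None:
    """The signer signs Cha || (its own CSI); the verifier checks the signature
    against Cha || (its own CSI) with PK from the received certificate. A CSI
    mismatch fails here, which is how the "0" initial value tells an
    unregistered device from a registered one."""
    sig = sign(signer.sk, f"{cha}||{signer.csi}".encode())
    if not verify(signer.cert.pk, f"{cha}||{verifier.csi}".encode(), sig):
        raise SacFailure(fail_step)


def establish_sac(a: Device, b: Device, crl: set) -> tuple:
    """Runs S11-S46 between device A and device B; returns (SK at A, SK at B)."""
    check_cert(a.cert, crl, ("S14", "S16"))               # B checks Cert_A
    check_cert(b.cert, crl, ("S20", "S22"))               # A checks Cert_B
    challenge_response(a, b, secrets.randbelow(2**64), "S29")   # Cha_B -> Sig_A
    challenge_response(b, a, secrets.randbelow(2**64), "S36")   # Cha_A -> Sig_B
    ra, rb = secrets.randbelow(P), secrets.randbelow(P)   # random numbers "a", "b"
    key_a, key_b = gen(ra, Y), gen(rb, Y)                 # S38, S41
    sk_b = gen(b.csi, gen(rb, key_a))                     # S43-S44: Gen(CSI, Key_AB)
    sk_a = gen(a.csi, gen(ra, key_b))                     # S45-S46
    return sk_a, sk_b
```

With equal CSI both sides derive the same SK; with different CSI the run stops at the first challenge-response check, and a certificate whose ID is on the CRL stops the run at S16 or S22.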

2.2 Operations for Playback Apparatus 200 Registration 
Operations at a time of AD server 100 registering 
playback apparatus 200 will now be described using Fig. 9. 

Moreover, AD server 100 has IC card 400 connected 
thereto, and has already confirmed that IC card 400 is an 
IC card affiliated with AD server 100. 

Playback apparatus 200, on receipt of an input from 
input unit 213 indicating to start the registration 
processing (step S51), reads ID_2 from ID storage unit 211 
(step S52), and transmits a registration request that 
includes ID_2 to AD server 100 (step S53). 

Given that AD server 100 is device A and playback 
apparatus 200 is device B, a SAC is established by the 
above-described method (step S54). At this time, AD server 
100 uses "0" as CSI and playback apparatus 200 uses CSI stored 
in CSI storage unit 208. 

AD server 100 conducts the signature verification at 
step S35 using "0" as CSI, and thus judges playback apparatus 
200 to be unregistered if verification is successful, and 
to be registered if verification is unsuccessful. If playback 
apparatus 200 is judged to be unregistered, AD server 100 
reads registration information (step S55), and judges 
whether the remaining number is "0" (step S56). If "0" (step 
S56 = YES), AD server 100 transmits a registration failure 
notification to playback apparatus 200 (step S57). If the 
remaining number is not "0" (step S56 = NO), AD server 100 
judges whether the registered number is "0" (step S58). If 
"0" (step S58 = YES), CSI is generated by CSI generation unit 
107 (step S59). If the registered number is not "0" (step 
S58 = NO), AD server 100 reads CSI from CSI storage unit 108 
(step S60). Encryption algorithm E is performed on the 
generated or read CSI by encryption unit 119 using session 
key SK, to generate encrypted CSI (step S61), and AD server 
100 transmits the encrypted CSI to playback apparatus 200 
(step S62). 

Playback apparatus 200, if a registration failure 
notification is received, displays the fact that 
registration is not possible on monitor 251 (step S63), and 
ends the processing. If encrypted CSI is received, the 
encrypted CSI is decrypted by decryption unit 217 to obtain 
CSI (step S64), and playback apparatus 200 stores the CSI 
in CSI storage unit 208 (step S65). Also, playback apparatus 
200 transmits a receipt notification to AD server 100 (step 
S66). 

On receipt of the receipt notification from playback 
apparatus 200, AD server 100 writes ID_2 into DEVICE ID in 
the registration information, adds "1" to the registered 
number, and subtracts "1" from the remaining number (step 
S67). 

2.3 Operations for On-vehicle Device 300 Registration 
(1) Operations at a time of permitting the copying of CSI 
from AD server 100 to IC card 400 will now be described using 
Fig. 10. 

When IC card 400 is connected to AD server 100, IC card 
400 reads ID_4 from ID storage unit 411 (step S71), and 
transmits the read ID_4 to AD server 100 (step S72). 

AD server 100, on receipt of ID_4, reads an IC card ID 
from the registration information (step S73), and judges 
whether the received ID matches the read ID (step S74). If 
not matched (step S74 = NO), AD server 100 displays on display 
unit 114 the fact that the connected IC card is not an IC 
card affiliated with AD server 100 (step S75) and ends the 
processing. If matched (step S74 = YES), AD server 100 
continues the processing. In this way, AD server 100 confirms 
whether the connected IC card is an affiliated IC card, and 
stands by until an input is received once confirmation is 
completed. 

On receipt by input unit 113 of an input indicating to 
permit a copying of CSI to IC card 400 (step S76), control 
unit 101 reads the remaining number from 
registration-information storage unit 106 (step S77), judges 
whether the remaining number is "0" (step S78), and if "0" 
(step S78 = YES), displays on display unit 114 the fact that 
registration is not possible (step S79). If the remaining 
number is not "0" (step S78 = NO), control unit 101 transmits 
a permission right to IC card 400 permitting a once-only 
copying of CSI (step S80). 

IC card 400, on receipt of the permission right from 
AD server 100, adds "1" to the copy frequency (step S81), 
and transmits a receipt notification to AD server 100 (step 
S82). 

AD server 100, on receipt of the receipt notification, 
adds "1" to the registered number in the registration 
information, subtracts "1" from the remaining number (step 
S83), and ends the processing. 

(2) Operations at a time of copying CSI from IC card 400 
to on-vehicle device 300 will now be described using Fig. 11. 

When IC card 400 is connected to on-vehicle device 300, 
the steps S71 to S75 processing is conducted, and IC card 
400 is ascertained. Also, IC card 400 and on-vehicle device 
300 conduct SAC establishment processing as device A and 
device B, respectively, and share session key SK (step S91). 
At this time, IC card 400 conducts authentication using "0", 
which is the initial value of CSI, and on-vehicle device 300 
conducts authentication using a value stored in CSI storage 
unit 308. 

Control unit 401 in IC card 400 conducts the signature 
verification at step S35 using "0" as CSI, and thus judges 
on-vehicle device 300 to be unregistered if verification is 
successful, and to be registered if verification is 
unsuccessful. If judged to be registered (step S92 = NO), 
IC card 400 transmits a registration failure notification 
to on-vehicle device 300 (step S93), and ends the processing. 
If judged to be unregistered (step S92 = YES), IC card 400 
stores ID_3 of on-vehicle device 300 received at step S18 
in ID storage unit 420 (step S94). Encryption unit 418, on 
receipt of session key SK from public-key-encryption 
processing unit 405, reads CSI from CSI storage unit 408 (step 
S95). Encryption unit 418 encrypts the CSI using session key 
SK to generate encrypted CSI (step S96), and transmits the 
encrypted CSI to on-vehicle device 300 via IO unit 416 (step 
S97). 

Control unit 301 in on-vehicle device 300, if a 
registration failure notification is received from IC card 
400, displays the fact that registration is not possible on 
monitor 322 (step S98), and ends the processing. If encrypted 
CSI is received from IC card 400, decryption unit 317 receives 
session key SK from public-key-encryption processing unit 
305, and decrypts the encrypted CSI using session key SK to 
obtain CSI (step S99), and stores the obtained CSI in CSI 
storage unit 308 (step S100). Also, control unit 301 
transmits a receipt notification to IC card 400 (step S101). 

IC card 400, on receipt of the receipt notification from 
on-vehicle device 300, subtracts "1" from the copy frequency 
(step S102) and ends the processing. 

(3) Operations at a time of notifying AD server 100 of the 
copying of CSI will now be described. 

When IC card 400 is connected to AD server 100, AD server 
100 confirms the ID of IC card 400 to confirm that IC card 
400 is an affiliated IC card, and stands by until an input 
is received once confirmation is completed. 

IC card 400 reads ID_3, which is the ID of the copy target, 
from ID storage unit 420, and transmits a copy notification 
that includes ID_3 to AD server 100. 

AD server 100, on receipt of the copy notification, 
stores ID_3 included in the copy notification in the 
registration information as a device ID. Also, AD server 100 
transmits a receipt notification to IC card 400 and ends the 
processing. 

IC card 400, on receipt of the receipt notification from 
AD server 100, ends the processing. 

2.4 Content Delivery Operation 1 

Operations at a time of delivering a content 
from AD server 100 to playback apparatus 200 and playing the 
delivered content will now be described using Fig. 12. 

Playback apparatus 200, on receipt of an input 
indicating to acquire a content from input unit 213 
(step S121), transmits a delivery request for a 
content to AD server 100 (step S122). 

AD server 100 and playback apparatus 200 establish a 
SAC (step S123). At this time, server 100 and device 200 
conduct authentication using CSI stored in respective CSI 
storage units. 

AD server 100 confirms that playback apparatus 200 is 
within the same authorized domain by the processing at step 
S35. 

If authentication is unsuccessful (step S124 = NO), AD 
server 100 transmits a delivery failure notification to 
playback apparatus 200 (step S125) and ends the processing. 
If authentication is successful (step S124 = YES), AD server 
100 reads encrypted content key a from content-key storage 
unit 118 (step S126), encrypted content key a is decrypted 
by decryption unit 117 (step S127), and furthermore, the 
content key is encrypted in encryption unit 110 using session 
key SK shared at a time of authentication, to generate 
encrypted content key s (step S128), and AD server 100 
transmits encrypted content key s to playback apparatus 200 
(step S129). Also, AD server 100 reads an encrypted content 
from content storage unit 109 (step S130), and transmits the 
encrypted content to playback apparatus 200 (step S131). 

Playback apparatus 200, in the case of a delivery 
failure notification being received, displays the fact that 
delivery is not possible on monitor 251 (step S132) and ends 
the processing. In the case of encrypted content key s being 
received, encrypted content key s is decrypted in decryption 
unit 217 using session key SK to obtain a content key (step 
S133), and the obtained content key is outputted to 
decryption unit 220. Decryption unit 220 performs decryption 
algorithm D on the encrypted content received from AD server 
100, using the content key received from decryption unit 217, 
to obtain a content (step S134), and outputs the 
obtained content to playback unit 221. Playback unit 221 
generates video and audio signals from the received content 
and outputs the generated video and audio signals 
respectively to monitor 251 and speaker 252, and plays the 
content (step S135). 

2.5 Content Delivery Operation 2 

Operations at a time of playing content 
received from AD server 100 once it has been accumulated 
will now be described using Fig. 13. 

The same processing as in steps S121 to S130 is 
conducted. 

Decryption unit 217 decrypts encrypted content key s 
to obtain a content key (step S141), and outputs the obtained 
content key to encryption unit 218. Encryption unit 218 reads 
CSI from CSI storage unit 208 and ID_2 from ID storage unit 
211 (step S142). Encryption unit 218 concatenates the read 
ID_2 and CSI in the stated order to generate ID_2 || CSI (step 
S143), and sets ID_2 || CSI as encryption key b. Encryption unit 
218 encrypts the content key using the generated encryption 
key b to generate encrypted content key b (step S144), and 
stores encrypted content key b in content-key storage unit 
219 (step S145). Also, on receipt of an encrypted content 
from AD server 100, control unit 201 stores the received 
encrypted content in content storage unit 209 (step S146). 

On receipt from input unit 213 of an input indicating 
to play a stored content, decryption unit 217 reads encrypted 
content key b from content-key storage unit 219 (step S148). 
Also, decryption unit 217 reads CSI from CSI storage unit 
208 and ID_2 from ID storage unit 211 (step S149), concatenates 
the read ID_2 and CSI to generate ID_2 || CSI (step S150), and 
sets ID_2 || CSI as a decryption key. Decryption unit 217 
performs decryption algorithm D on encrypted content key b 
using the generated decryption key to obtain a content key 
(step S151), and outputs the obtained content key to 
decryption unit 220. Decryption unit 220 and playback unit 
221 conduct the steps S133 to S135 processing to play the 
content. 

2.6 Operations at a time of Recording onto DVD 

Operation at a time of a content being written 
to DVD 500 by AD server 100 will now be described using Fig. 14. 

AD server 100, on receipt from input unit 113 of an input 
instructing to record a content onto a DVD (step S161), 
reads encrypted content key a from content-key storage unit 
118 (step S162), and reads ID_1 from ID storage unit 111 and 
CSI from CSI storage unit 108 (step S163). Decryption unit 
117 concatenates the read ID_1 and CSI to generate a 
decryption key (step S164), and decrypts encrypted content 
key a using the generated decryption key to obtain a content 
key (step S165), and outputs the obtained content key to 
encryption unit 110. Encryption unit 110, on receipt of the 
content key, reads the device IDs from 
registration-information storage unit 106 and CSI from CSI 
storage unit 108 (step S166). Encryption unit 110 
concatenates the read ID_2 and CSI to generate encryption 
key b and concatenates the read ID_3 and CSI to generate 
encryption key c (step S167). Encryption unit 110 encrypts 
the content key respectively using generated encryption keys 
b and c to generate encrypted content keys b and c (step S168). 
Control unit 101 writes encrypted content keys b and c to 
DVD 500 (step S169). Also, control unit 101 reads an encrypted 
content from content storage unit 109 (step S170), and writes 
the encrypted content to DVD 500 (step S171). 

2.7 Operations for Playback Apparatus 200 Withdrawal 

Operations at a time of playback apparatus 200 
withdrawing from AD server 100 will now be described using 
Fig. 15. 

Moreover, AD server 100 has IC card 400 connected 
thereto, and has already confirmed IC card 400. 

Playback apparatus 200, on receipt from input unit 213 
of an input indicating the withdrawal of playback apparatus 
200 (step S181), reads ID_2 from ID storage unit 211 (step 
S182), and transmits a withdrawal request that includes ID_2 
to AD server 100 (step S183). 

AD server 100 and playback apparatus 200 conduct 
authentication and establish a SAC (step S184) . At this time, 
authentication is conducted using CSI stored in respective 
CSI storage units. 
AD server 100 judges whether playback apparatus 200 is 
registered as a device in the authorized domain of AD server 
100 by the step S35 processing, and if unregistered (step 
S185 = NO), transmits an unregistered notification to 
playback apparatus 200 (step S186). If registered (step S185 
= YES), AD server 100 transmits a CSI deletion notification 
to playback apparatus 200 (step S187). 

Playback apparatus 200, on receipt of an unregistered 
notification, displays the fact that playback apparatus 200 

10 is unregistered on monitor 322 (step S188) and ends the 
processing. On receipt of a deletion notification, playback 
apparatus 200 deletes CSI from CSI storage unit 208 (step 
S189) . Also, playback apparatus 200 transmits a 
deletion-completed notification to AD server 100 (step 

15 S190) . 

AD server 100, on receipt of the deletion-completed 
notification, deletes JD_2 from DEVICE ID in the registration 
information, subtracts "1" from the registered number, and 
adds w l" to the remaining number (step S191) . 
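
The withdrawal exchange of steps S181 to S191, as an added example in Python; this is illustrative code written for this page, not the patent's own implementation. The SAC of step S184 is reduced to an HMAC challenge/response keyed with the CSI (an assumption: this section states only that authentication uses the CSI held in the respective CSI storage units), the registration information is modelled as a DEVICE ID list plus the registered and remaining numbers, and the device IDs and CSI value are constructed.

```python
"""Playback apparatus withdrawal (steps S181-S191), modelled as an added
example. The SAC is an HMAC challenge/response keyed with the CSI that both
sides hold (assumption); registration info layout is assumed."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class RegistrationInfo:
    """Registration information held by AD server 100 (assumed layout)."""
    device_ids: list[str]        # DEVICE ID column
    registered_number: int       # devices currently registered
    remaining_number: int        # registrations still available


class ADServer:
    """AD server 100: holds the domain CSI and the registration information."""

    def __init__(self, csi: bytes, registration: RegistrationInfo):
        self.csi = csi
        self.registration = registration

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def sac(self, nonce: bytes, response: bytes) -> bool:
        # Step S184, reduced to an HMAC check keyed with the CSI (assumption).
        expected = hmac.new(self.csi, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def handle_withdrawal(self, device_id: str, nonce: bytes,
                          response: bytes) -> str:
        if not self.sac(nonce, response):
            return "sac-failed"
        if device_id not in self.registration.device_ids:
            return "unregistered"       # step S185 = NO -> S186
        return "csi-deletion"           # step S185 = YES -> S187

    def handle_deletion_completed(self, device_id: str) -> None:
        # Step S191: drop ID from DEVICE ID, registered - 1, remaining + 1.
        self.registration.device_ids.remove(device_id)
        self.registration.registered_number -= 1
        self.registration.remaining_number += 1


class PlaybackApparatus:
    """Playback apparatus 200: ID storage unit 211 and CSI storage unit 208."""

    def __init__(self, device_id: str, csi: bytes | None):
        self.device_id = device_id
        self.csi = csi

    def respond(self, nonce: bytes) -> bytes:
        if self.csi is None:            # no CSI held: the SAC cannot succeed
            return b""
        return hmac.new(self.csi, nonce, hashlib.sha256).digest()

    def withdraw(self, server: ADServer) -> str:
        # Steps S181-S183: withdrawal request carrying ID_2; S184: the SAC.
        nonce = server.challenge()
        result = server.handle_withdrawal(self.device_id, nonce,
                                          self.respond(nonce))
        if result == "csi-deletion":
            self.csi = None                                   # step S189
            server.handle_deletion_completed(self.device_id)  # S190/S191
        return result


def run_demo() -> dict:
    """Constructed scenario: two registered devices; ID_2 withdraws, then
    tries again without a CSI; ID_4 holds the CSI but was never registered."""
    csi = b"constructed-CSI-for-this-domain"
    server = ADServer(csi, RegistrationInfo(["ID_2", "ID_3"], 2, 3))
    dev2 = PlaybackApparatus("ID_2", csi)
    dev4 = PlaybackApparatus("ID_4", csi)
    first = dev2.withdraw(server)
    second = dev2.withdraw(server)
    unregistered = dev4.withdraw(server)
    return {
        "first": first,
        "second": second,
        "unregistered": unregistered,
        "device_ids": list(server.registration.device_ids),
        "registered_number": server.registration.registered_number,
        "remaining_number": server.registration.remaining_number,
        "dev2_csi_deleted": dev2.csi is None,
    }


if __name__ == "__main__":
    print(run_demo())
```

In this model the SAC proves only that the peer holds the domain CSI, which every registered device shares; the ID_2 carried in the withdrawal request is taken at face value. Whether the step S35 processing binds ID_2 to the authenticated peer is not described in this section.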


3. Key Delivery Method Variation

Content key delivery in group formation/management
system 1 is conducted after group formation. While
restrictions are not placed on the delivery time of content
keys in the above key delivery method, the following
description relates to a key delivery method in which
restrictions are placed on the delivery time of content keys.

Moreover, the system within group formation/management
system 1 that conducts key delivery is referred to here as
a key delivery system.

3.1 Structure of Key Delivery System 1000 

A structure of key delivery system 1000 will now be
described.

As shown in Fig. 16, key delivery system 1000 is
structured from a content server 1001, recording medium 1002,
playback apparatus 1003, playback apparatus 1004 and gateway
(GW) 1007, and forms a single home network. This home network
is a group as referred to above. Here, a home network is a
network system to which the same subnet is allotted.

GW 1007 is a device that enables communication over a
network.

Content server 1001, playback apparatus 1003 and
playback apparatus 1004 form a home network via GW 1007, and
are also network-connected to a playback apparatus 1005 by
the Internet.

Content server 1001 receives content from a
broadcast station 1006, or acquires content from a
content delivery site over the Internet (not depicted). Here,
it is assumed in the following description that
content is acquired from broadcast station 1006.
Content server 1001 generates content keys for encrypting
acquired content, encrypts received content
using the generated content keys to generate encrypted
content, and stores the encrypted content
in correspondence with information IDs, which are IDs
identifying respective encrypted content. Here, the
method used to encrypt content is common key
encryption. This method involves the encryption/decryption
of information using the same key and is, as one example,
an Advanced Encryption Standard (AES) algorithm. Since AES
algorithms are known technology, a description is omitted
here.

Here, no restrictions are placed on the duplication of
encrypted content that has been stored. When
encrypted content is duplicated, the duplication
is conducted in encrypted content/information ID groupings.
Moreover, in the present embodiment, playback apparatus 1004
and recording medium 1002 store one or more encrypted
content generated in content server 1001.

Also, content server 1001 restricts the use of
encrypted content by managing each content key in
correspondence with how many copies of the content key can be
delivered (hereafter "deliverable number").

Content server 1001, playback apparatus 1004 and
recording medium 1002 hold common secret information that
is valid only within key delivery system 1000, and when a
delivery request for a content key is received, content
server 1001 uses this common secret information to conduct
authentication with whichever of playback apparatus 1004 and
recording medium 1002 sent the delivery request, and thereby
confirms the legitimacy of content key delivery (i.e. judges
whether the playback apparatus or recording medium forming
the delivery target is a legitimate device).

The authentication method used here is, as one example,
a challenge/response handshake using zero knowledge proofs.
Since this authentication method is known technology, a
description is omitted here. Also, at a time of
authentication, secret keys for sharing (referred to as
"shared secret keys") are generated by a known key
distribution technique, and the encryption/decryption of
information is conducted using these shared secret keys.

If authentication is successful, content server 1001
delivers a content key to the source of the content key
delivery request, and subtracts "1" from the deliverable number
of the content key. At this time, when content key delivery
is to be conducted to playback apparatus 1004, content server
1001 delivers first key information formed from a content
key ID, a content key and a corresponding-information ID,
and the first key information is stored in playback apparatus
1004. Here, a content key ID is an identifier identifying
a content key, and a corresponding-information ID is an
information ID corresponding to an encrypted content that
has been encrypted using the content key. Also, when content
key delivery is to be conducted to recording medium 1002,
content server 1001 delivers second key information formed
from a content key ID, a content key, a
corresponding-information ID and a usage period, and the
second key information is stored in recording medium 1002.
Here, a usage period is information showing a time period
during which content key usage is permitted, and is recorded
using date-time. Since the content key ID, content key, and
corresponding-information ID are the same as above, a
description is omitted here.

Also, content server 1001 receives, over the Internet,
a content key delivery request from playback apparatus 1005,
which is outside of key delivery system 1000, and conducts
authentication with playback apparatus 1005, although in
this case authentication is not successful. The reason for
this is that playback apparatus 1005, even if it has an
authentication unit, does not hold the common secret
information that is valid only in key delivery system 1000,
and so authentication with content server 1001 will always
end up being unsuccessful. This is also the case when playback
apparatus 1005 does not have an authentication unit, since
authentication with content server 1001 cannot be conducted.
Also, authentication with content server 1001 will again be
unsuccessful for the same reasons in the case of a recording
medium that does not hold the common secret information only
valid in key delivery system 1000.

Content server 1001, on receipt of information
indicating that content key usage has ended, adds "1" to the
deliverable number of the content key.

Playback apparatus 1004 stores encrypted
content encrypted in content server 1001, and when
an encrypted content is to be used, apparatus 1004 transmits
a content key delivery request to content server 1001,
conducts authentication with content server 1001, and if
successful, acquires first key information from content
server 1001, decrypts the encrypted content using the content
key included in the first key information to generate a
content, and plays the generated content. Once
playback has ended, playback apparatus 1004 deletes the first
key information, and transmits information to content server
1001 indicating that content key usage has ended.

Recording medium 1002 is a portable recording medium
having an internal IC, an example of which is a memory card
having an internal IC. Recording medium 1002 stores encrypted
content encrypted in content server 1001. When an
encrypted content is to be used, recording medium 1002 is
mounted in playback apparatus 1003. Playback apparatus 1003,
at a time of encrypted content usage, judges whether second
key information corresponding to the encrypted content to
be used exists in recording medium 1002, and if it exists,
playback apparatus 1003 judges whether the usage period
included in the second key information has lapsed, and if
it has lapsed, playback apparatus 1003 does not conduct
playback. If judged to be within the usage period, playback
apparatus 1003 decrypts the encrypted content using the
content key included in the second key information to
generate a content, and plays the generated content.

If judged that second key information corresponding to
the encrypted content to be used does not exist in recording
medium 1002, playback apparatus 1003 transmits a content key
delivery request to content server 1001, authentication is
conducted between content server 1001 and recording medium
1002, and if successful, playback apparatus 1003 acquires
second key information from content server 1001, and stores
the acquired second key information on recording medium 1002.
Playback apparatus 1003 decrypts the encrypted content using
the content key included in the second key information stored
on recording medium 1002 to generate a content, and
plays the generated content.

Also, content server 1001 is able to use encrypted
content stored on recording medium 1002 by the same
operations as playback apparatus 1003. Furthermore, content
server 1001 is also able to use encrypted content
stored in content server 1001. In this case, authentication
is not conducted at a time of acquiring content keys.

As such, key delivery system 1000 is a system that
manages content keys in content server 1001, and restricts
the use of content keys within key delivery system 1000 (i.e.
restricts the use of content).

3.2 Structure of Content Server 1001

The structure of content server 1001 will now be
described.

As shown in Fig. 17, content server 1001 is structured
from a content storage unit 1011, a management-information
storage unit 1012, a usage-key storage unit 1013, a reception
unit 1014, a content acquisition unit 1015, an input unit
1016, a playback unit 1017, a usage-key monitoring unit 1018,
a usage-key confirmation unit 1019, a usage-key advance
delivery unit 1020, a content-key control unit 1021, an
authentication unit 1022, a time management unit 1023, an
input/output (IO) unit 1024, a communication unit 1025, and
a clocking unit 1026.

Content server 1001 is, specifically, a computer system
structured from a microprocessor, a ROM, a RAM, a hard disk
unit, a network interface and the like. A computer program
is stored on the ROM or the hard disk unit. Content server
1001 carries out functions as a result of the microprocessor
operating in accordance with the computer program.

(1) Content Storage Unit 1011

Content storage unit 1011 includes an area for storing
encrypted content in correspondence with
information IDs, an example of which is shown in Fig. 18.

(2) Management-Information Storage Unit 1012

Management-information storage unit 1012 is tamper
resistant, and as shown in Fig. 19, includes a key-information
storage unit 1031 and a delivered key-information storage
unit 1032.

Key-information storage unit 1031 has a key information
table T1001, an example of which is shown in Fig. 20. Key
information table T1001 includes an area for storing one or
more groupings that are each formed from a content key ID,
a content key, a corresponding-information ID, a total number,
a remaining number, and a time period restriction. Moreover,
each of these groupings is referred to collectively as
content key information.

A content key ID is an identifier identifying a content
key.

A content key is a key used in content encryption, and
a different content key is used per content.

A corresponding-information ID is an information ID
corresponding to an encrypted content encrypted using a
content key. As such, it is possible to correspond content
keys with encrypted content stored in content
storage unit 1011.

A "total number" is the sum of the current deliverable
number of a content key and the already delivered number of
the content key, and a "remaining number" is the current
deliverable number of the content key.

A time period restriction records a time period during
which a delivered content key can be used. The time period
may be recorded in hour-units, or it may be recorded in
minute-units, second-units, day-units, or a combination of
these. Here, the time period is recorded in hour-units.

Delivered key-information storage unit 1032 has a
delivered key information table T1002, an example of which
is shown in Fig. 21.

Delivered key information table T1002 includes an area
for storing one or more groupings that are each formed from
a delivered content key ID and a usage period. Moreover, each
of these groupings is referred to collectively as content
key management information.

A delivered content key ID is a content key ID
corresponding to a content key delivered to recording medium
1002.

A usage period shows a time period during which a
delivered content key is usable, and is recorded in
day-hour-minutes. Moreover, the usage period may be in
day-hour-minute-seconds.

(3) Usage-Key Storage Unit 1013

Usage-key storage unit 1013 is tamper-resistant, and
stores a content key used in decrypting an encrypted content
for use in content server 1001, to generate a content.

(4) Clocking Unit 1026

Clocking unit 1026 clocks time.
(5) Reception Unit 1014

Reception unit 1014 receives content encrypted
for use in broadcasts, and outputs the encrypted
content to content acquisition unit 1015.

(6) Content Acquisition Unit 1015

Content acquisition unit 1015 prestores decryption
keys for decrypting content encrypted for broadcast
usage, and total numbers/time period restrictions relating
to content keys deliverable to key delivery system 1000.

Content acquisition unit 1015, on receipt from
reception unit 1014 of content encrypted for
broadcast usage, decrypts the encrypted content using a
prestored decryption key to generate a content. Next,
unit 1015 generates a content key using a random number, and
encrypts the content using the content key to generate an
encrypted content. Unit 1015 calculates an information ID
identifying the encrypted content, and stores the calculated
information ID and the encrypted content in content storage
unit 1011.

Furthermore, content acquisition unit 1015 calculates
a content key ID identifying the generated content key,
generates content key information using the calculated
content key ID and information ID, the generated content key
and the prestored total number and time period restriction,
and writes the generated content key information into key
information table T1001. At this point in time, the remaining
number is the same as the total number.

(7) Input Unit 1016

Input unit 1016 receives information relating to
content usage, and outputs the received information to
playback unit 1017 or usage-key advance delivery unit 1020.

Specifically, input unit 1016 receives, from a user,
playback information that includes content storage target
information showing whether the storage target of an
encrypted content for use is recording medium 1002, and an
information ID corresponding to the encrypted content, and
outputs the received playback information to playback unit
1017. Here, "0" and "1" are used as content storage target
information. "0" shows that the storage target of an
encrypted content for use is recording medium 1002. "1" shows
that the storage target is other than recording medium 1002.
In the given example, "1" shows that the storage target of
the encrypted content is content server 1001.

Input unit 1016, on receipt of playback stoppage
information from a user indicating to stop content playback,
outputs the received playback stoppage information to
playback unit 1017.

Also, input unit 1016 receives, from a user, advance
request information requesting advance delivery of a content
key to recording medium 1002, and outputs the received
advance request information to usage-key advance delivery
unit 1020. Here, advance request information is information
that includes the information ID of an encrypted content
corresponding to a content key whose advance delivery is
requested.

(8) Playback Unit 1017

Playback unit 1017 decrypts encrypted content
stored in content storage unit 1011 to generate
content and plays the generated content, or
decrypts encrypted content stored on recording medium 1002 to
generate content and plays the generated content.

Specifically, playback unit 1017 receives playback
information from input unit 1016, and judges whether the
storage target of an encrypted content for use is recording
medium 1002, using content storage target information
included in the received playback information.

When the storage target of the encrypted content is
judged to be recording medium 1002, playback unit 1017
outputs the received playback information to usage-key
confirmation unit 1019.

When judged that the storage target of the encrypted
content is other than recording medium 1002 (i.e. content
server 1001), playback unit 1017 outputs the received
playback information to usage-key monitoring unit 1018.

Playback unit 1017 receives, from usage-key monitoring
unit 1018 or usage-key confirmation unit 1019,
key-acquisition completed information that includes key storage
target information showing whether the storage target of a
content key is recording medium 1002. Here, "0" and "1" are
used as key storage target information. "0" shows that the
storage target of a content key is recording medium 1002.
"1" shows that the storage target is other than recording
medium 1002. In the given example, "1" shows that the content
key storage target is content server 1001.

Playback unit 1017 judges whether the content key
storage target is recording medium 1002, using the key
storage target information included in the received
key-acquisition completed information.

When the content key storage target is judged to be
recording medium 1002, playback unit 1017 acquires a content
key from recording medium 1002 via IO unit 1024, and
furthermore acquires, from recording medium 1002 via IO unit
1024, an encrypted content corresponding to the information
ID included in the playback information received from input
unit 1016, decrypts the encrypted content using the acquired
content key to generate a content, and plays the
generated content.

When the content key storage target is judged to be
other than recording medium 1002 (i.e. content server 1001),
playback unit 1017 acquires the content key included in the
first key information stored in usage-key storage unit 1013,
and furthermore acquires, from content storage unit 1011,
an encrypted content corresponding to the information ID
included in the playback information received from input unit
1016, decrypts the encrypted content using the acquired
content key to generate a content, and plays the
generated content.

Also, playback unit 1017, on receipt from input unit
1016 of playback stoppage information, stops playback of the
content currently being played.

(9) Usage-Key Monitoring Unit 1018

Usage-key monitoring unit 1018 stores, in usage-key
storage unit 1013, first key information used in playback
unit 1017 when an encrypted content stored in content storage
unit 1011 is to be used, and deletes stored first key
information when usage of the encrypted content ends.

Specifically, usage-key monitoring unit 1018, on
receipt of playback information from playback unit 1017,
generates first request information, and outputs the
generated first request information to content-key control
unit 1021. Here, first request information is information
indicating to store a content key in usage-key storage unit
1013, and includes the information ID included in the
playback information.

Usage-key monitoring unit 1018 receives first key
information from content-key control unit 1021, stores the
received first key information in usage-key storage unit 1013,
generates key-acquisition completed information in which the
key storage target information is "1", and outputs the
generated key-acquisition completed information to playback
unit 1017.

Furthermore, usage-key monitoring unit 1018 monitors
the operations of playback unit 1017, and when detecting the
end of content playback or the end of operations by playback
unit 1017 due to a content playback stoppage, deletes the
first key information stored in usage-key storage unit 1013,
generates key-usage ended information showing that content
key usage has ended, and outputs the generated key-usage
ended information to content-key control unit 1021. Here,
key-usage ended information includes the information ID
corresponding to the encrypted content that was used.

(10) Usage-Key Confirmation Unit 1019

Usage-key confirmation unit 1019 confirms the usage
period of content keys stored on recording medium 1002, and
records/deletes content keys.

Specifically, usage-key confirmation unit 1019, on
receipt of playback information from playback unit 1017,
judges whether there exists second key information
corresponding to the information ID included in the received
playback information.

If judged that corresponding second key information
exists, usage-key confirmation unit 1019 acquires the
present date-time from clocking unit 1026, and judges whether
the usage period of the content key included in the second
key information has lapsed. If judged to be within the usage
period, unit 1019 generates key-acquisition completed
information in which the key storage target information is "0",
and outputs the generated key-acquisition completed
information to playback unit 1017. If judged that the usage
period has lapsed, unit 1019 deletes the second key
information and notifies usage-failure information to the
user, showing that usage of the content key is not possible.

If judged that corresponding second key information
does not exist, usage-key confirmation unit 1019 generates
second request information, and outputs the generated second
request information to content-key control unit 1021. Also,
unit 1019 outputs, to recording medium 1002 via IO unit 1024,
information indicating that playback information has been
received. Here, second request information is information
indicating to output a content key to recording medium 1002,
and includes the information ID included in the playback
information.

Usage-key confirmation unit 1019 receives encrypted
second key information from content-key control unit 1021,
and outputs the encrypted second key information to recording
medium 1002 via IO unit 1024. Furthermore, unit 1019
generates key-acquisition completed information in which the
key storage target information is "0", and outputs the
generated key-acquisition completed information to playback
unit 1017.

(11) Usage-Key Advance Delivery Unit 1020

Usage-key advance delivery unit 1020 conducts advance
delivery of content keys to recording medium 1002.

Specifically, usage-key advance delivery unit 1020, on
receipt of advance request information, outputs the received
advance request information to content-key control unit 1021,
and furthermore outputs, to recording medium 1002 via IO unit
1024, information indicating that the advance request
information has been received.

Usage-key advance delivery unit 1020 receives, from
content-key control unit 1021, encrypted second key
information, and outputs the encrypted second key
information to recording medium 1002 via IO unit 1024.

(12) Content-Key Control Unit 1021

Content-key control unit 1021 manages content keys to
be delivered.

Specifically, content-key control unit 1021 receives
first request information, second request information, third
request information indicating to conduct content key
delivery using a network, or advance request information.
Furthermore, unit 1021 receives key-usage ended information
from usage-key monitoring unit 1018, or from playback
apparatus 1004 via communication unit 1025.

Here, third request information includes a usage
classification and an information ID corresponding to an
encrypted content. Also, in the usage classification is
recorded either information showing "playback apparatus" or
information showing "recording medium". When the usage
classification is information showing "playback apparatus",
this shows that a content for use is recorded on a
playback apparatus, and when the usage classification is
information showing "recording medium", this shows that a
content for use is recorded onto a recording medium.
Moreover, content-key control unit 1021 receives the third
request information from playback apparatus 1005.

Content-key control unit 1021 judges whether the
received information is key-usage ended information.

If judged to not be key-usage ended information,
content-key control unit 1021 further judges whether the
received information is first request information.

If judged to be first request information, content-key
control unit 1021 acquires, from key information table T1001
using the information ID in the first request information,
content key information that includes a
corresponding-information ID matching the information ID.
Unit 1021 judges whether the remaining number in the acquired
content key information is "0". If judged to be "0", unit
1021 notifies none-remaining information to the user
indicating that the remaining deliverable number of the
content key is "0". If judged to not be "0", unit 1021
generates first key information from the acquired content
key information, and outputs the generated first key
information to usage-key monitoring unit 1018. Furthermore,
unit 1021 subtracts "1" from the remaining number in the
acquired content key information to update the content key
information, and writes the updated content key information
into key information table T1001.

If judged to not be first request information,
content-key control unit 1021 outputs authentication
identifying information to authentication unit 1022 showing
that the received information is one of second request
information, third request information whose usage
classification is "playback apparatus", third request
information whose usage classification is "recording medium",
and advance request information.

Content-key control unit 1021, on receipt of
authentication-succeeded information from authentication
unit 1022 indicating that authentication was successful,
acquires and delivers a content key, and updates key
information table T1001, as described below.

Content-key control unit 1021 judges whether the
received information is one of second request information,
third request information, and advance request information.

If judged to be second request information, content-key
control unit 1021, the same as with first request information,
acquires content key information using the information ID
included in the second request information, and judges
whether the remaining number in the acquired content key
information is "0". If judged to be "0", unit 1021 notifies
none-remaining information to the user indicating that the
remaining deliverable number of the content key is "0". If
judged to not be "0", unit 1021 furthermore acquires the
present date-time from clocking unit 1026, and calculates
a usage period using the acquired date-time and the time
period restriction information included in the content key
information. Unit 1021 generates second key information from
the calculated usage period and the acquired content key
information, encrypts the generated second key information
using the shared secret key generated at the time of
authentication, and outputs the encrypted second key
information to usage-key confirmation unit 1019. Furthermore,
unit 1021 subtracts "1" from the remaining number in the
acquired content key information to update the content key
information, and writes the updated content key information
into key information table T1001. Also, unit 1021 generates
content key management information from the calculated usage
period and the acquired content key information, and writes
the generated content key management information into
delivered key information table T1002.

If judged that the received information is third
request information, content-key control unit 1021, the same
as with first request information, acquires content key
information using the information ID included in the third
request information, and judges whether the remaining number
in the acquired content key information is "0". If judged
to be "0", unit 1021 notifies none-remaining information to
the user indicating that the remaining deliverable number
of the content key is "0". If judged to not be "0", unit 1021
furthermore judges whether the usage classification included
in the third request information shows "playback apparatus"
or "recording medium".

If judged that the usage classification shows "playback
apparatus", content-key control unit 1021 generates first
key information, encrypts the generated first key
information using the shared secret key generated at the time
of authentication, and outputs the encrypted first key
information to playback apparatus 1004 via communication
unit 1025. Furthermore, unit 1021 subtracts "1" from the
remaining number in the acquired content key information to
update the content key information, and writes the updated
content key information into key information table T1001.

If judged that the usage classification shows
"recording medium", content-key control unit 1021
furthermore acquires the present date-time from clocking
unit 1026, calculates a usage period using the acquired
date-time and time period restriction information included
in the content key information, generates second key
information from the calculated usage period and the acquired
content key information, encrypts the generated second key
information using the shared secret key generated at the time
of authentication, and outputs the encrypted second key
information via communication unit 1025 to recording medium
1002 mounted in playback apparatus 1003. Furthermore, unit
1021 subtracts "1" from the remaining number in the acquired
content key information to update the content key information,
and writes the updated content key information into key
information table T1001. Also, unit 1021 generates content
key management information from the calculated usage period
and the acquired content key information, and writes the
generated content key management information into delivered
key information table T1002.

If judged that the received information is advance
request information, content-key control unit 1021 acquires,
from key information table T1001 using the information ID
in the advance request information, content key information
that includes a corresponding information ID matching the
information ID, and judges whether the remaining number in
the acquired content key information is "0". If judged to
be "0", unit 1021 notifies none-remaining information to the
user indicating that the remaining deliverable number of the
content key is "0". If judged to not be "0", unit 1021
furthermore acquires the present date-time from clocking
unit 1026, calculates a usage period using the acquired
date-time and time period restriction information included
in the content key information, generates second key
information from the calculated usage period and the acquired
content key information, encrypts the generated second key
information using the shared secret key generated at the time
of authentication, and outputs the encrypted second key
information to usage-key advance delivery unit 1020.
Furthermore, unit 1021 subtracts "1" from the remaining
number in the acquired content key information to update the
content key information, and writes the updated content key
information into key information table T1001. Also, unit 1021
generates content key management information from the
calculated usage period and the acquired content key
information, and writes the generated content key management
information into delivered key information table T1002.

Content-key control unit 1021, when judged that the
received information is key-usage ended information,
acquires, from key information table T1001 using the
information ID included in the received key-usage ended
information, content key information that includes a
corresponding information ID matching the information ID.
Unit 1021 adds "1" to the remaining number in the acquired
content key information to update the content key information,
and writes the updated content key information into key
information table T1001.

(13) Authentication Unit 1022 

Authentication unit 1022 prestores common secret
information, and conducts authentication with playback
apparatus 1004, and with recording medium 1002 when mounted
in either content server 1001 or playback apparatus 1003.

Specifically, authentication unit 1022, on receipt of
authentication identifying information from content-key
control unit 1021, conducts authentication using the
received authentication identifying information, as
described below.

If judged that the authentication identifying
information shows second request information or advance
request information, authentication unit 1022 conducts
authentication mutually with recording medium 1002 mounted
in content server 1001.

If judged that the authentication identifying
information shows third request information whose usage
classification is "playback apparatus", authentication unit
1022 conducts authentication mutually with playback
apparatus 1004, and if judged to show third request
information whose usage classification is "recording medium",
unit 1022 conducts authentication mutually with recording
medium 1002 mounted in playback apparatus 1003.

Moreover, authentication unit 1022 generates a shared
secret key when commencing the authentication, encrypts
information for use in the authentication using the shared
secret key, transmits the encrypted information to playback
apparatus 1004 or recording medium 1002, and also receives
encrypted information from playback apparatus 1004 or
recording medium 1002, decrypts the encrypted information,
and uses the decrypted information in the authentication.

Authentication unit 1022 judges whether authentication
was successful, and if successful, outputs
authentication-succeeded information to content-key control
unit 1021, and if unsuccessful, notifies
authentication-failed information to the user indicating
that authentication was not successful.

(14) Time Management Unit 1023 

Time management unit 1023 manages usage periods
corresponding to delivered content key IDs recorded in
delivered key information table T1002, using clocking unit
1026.

Specifically, time management unit 1023 judges using
clocking unit 1026 whether usage periods corresponding to
delivered content key IDs recorded in delivered key
information table T1002 have lapsed. If judged that a usage
period has lapsed, unit 1023 deletes the corresponding
content key management information, acquires, from key
information table T1001, content key information that
matches the delivered content key ID that has been deleted,
adds "1" to the remaining number in the acquired content key
information to update the content key information, and writes
the updated content key information into key information
table T1001.

(15) IO Unit 1024

IO unit 1024 receives information from recording medium
1002 mounted in content server 1001, and outputs the received
information to playback unit 1017, usage-key confirmation
unit 1019, usage-key advance delivery unit 1020, or
authentication unit 1022.

Also, IO unit 1024 outputs information received from
playback unit 1017, usage-key confirmation unit 1019,
usage-key advance delivery unit 1020, or authentication unit
1022 to recording medium 1002 mounted in content server 1001.

(16) Communication Unit 1025 

Communication unit 1025 transmits information received
from content-key control unit 1021 to playback apparatus 1004
or to recording medium 1002 mounted in playback apparatus
1003, and transmits information received from authentication
unit 1022 to playback apparatus 1004, recording medium 1002
mounted in playback apparatus 1003, or playback apparatus
1005.

Also, communication unit 1025 outputs information
received from playback apparatus 1004, recording medium 1002
mounted in playback apparatus 1003, or playback apparatus
1005 to content-key control unit 1021 or authentication unit
1022.

3.3 Structure of Recording Medium 1002 

The structure of recording medium 1002 will now be 
described. 

As shown in Fig. 22, recording medium 1002 is structured
from a content storage unit 1101, a usage-key storage unit
1102, an authentication unit 1103, and an input/output (IO)
unit 1104.

Recording medium 1002 is, specifically, a computer
system structured from a microprocessor, a ROM, a RAM, and the
like. A computer program is stored on the ROM. Recording
medium 1002 carries out functions as a result of the
microprocessor operating in accordance with the computer
program.

(1) Content Storage Unit 1101 

Content storage unit 1101 includes an area the same as
content storage unit 1011 in content server 1001.

(2) Usage-Key Storage Unit 1102

Usage-key storage unit 1102 is tamper-resistant, and
includes a delivered content key table T1101, an example of
which is shown in Fig. 23.

Since the various items in delivered content key table
T1101 are the same as the data structuring the second key
information, a description is omitted here.

(3) Authentication Unit 1103 

Authentication unit 1103 prestores common secret
information, and conducts authentication with
authentication unit 1022 included in content server 1001.

Specifically, authentication unit 1103 conducts
authentication mutually with content server 1001 by
receiving, from content server 1001 via IO unit 1104,
information indicating that playback information or advance
request information has been received, or by receiving, from
playback apparatus 1003 via IO unit 1104, information
indicating that playback information has been received.

Authentication unit 1103 judges whether authentication
was successful, and if successful, outputs
authentication-succeeded information to playback apparatus
1003 via IO unit 1104, and if not successful, notifies
authentication-failed information to the user.

Also, authentication unit 1103, the same as
authentication unit 1022 in content server 1001, generates
common secret information when commencing the authentication.
Unit 1103 encrypts information for use in the authentication,
using the generated common secret information, transmits the
encrypted information to content server 1001, and also
receives encrypted information from content server 1001,
decrypts the encrypted information, and uses the decrypted
information in the authentication.

(4) IO Unit 1104 

IO unit 1104 receives information from an apparatus in
which recording medium 1002 is mounted. Unit 1104 judges
whether the received information is information relating to
authentication, an encrypted content, or encrypted second
key information.

If judged to be information relating to authentication,
IO unit 1104 outputs the received information to
authentication unit 1103, and if judged to be an encrypted
content, unit 1104 writes the encrypted content into content
storage unit 1101. If judged to be encrypted second key
information, unit 1104 decrypts the encrypted second key
information using the common secret information generated
at the time of authentication to generate second key
information, and writes the generated second key information
into usage-key storage unit 1102.

Also, IO unit 1104 outputs information received from
content storage unit 1101, usage-key storage unit 1102 or
authentication unit 1103 to the apparatus in which recording
medium 1002 is mounted.

3.4 Structure of Playback Apparatus 1003 

The structure of playback apparatus 1003 will now be
described.

As shown in Fig. 24, playback apparatus 1003 is
structured from an input unit 1201, a playback unit 1202, a
usage-key confirmation unit 1203, an input/output (IO) unit
1204, a communication unit 1205, and a clocking unit 1206.

Playback apparatus 1003 is, specifically, a computer
system structured from a microprocessor, a ROM, a RAM, a hard
disk unit, a network interface, and the like. A computer
program is stored on the ROM or the hard disk unit. Playback
apparatus 1003 carries out functions as a result of the
microprocessor operating in accordance with the computer
program.

(1) Clocking Unit 1206 

Clocking unit 1206 clocks date-time.

(2) Input Unit 1201

Input unit 1201 receives information relating to
content usage, and outputs the received information to
playback unit 1202.

Specifically, input unit 1201 receives playback
information from a user, and outputs the received playback
information to playback unit 1202. Here, the content storage
target information included in the playback information is
always "0".

Input unit 1201, on receipt from a user of playback
stoppage information indicating to stop content playback,
outputs the received playback stoppage information to
playback unit 1202.
(3) Playback Unit 1202

Playback unit 1202 decrypts encrypted content
stored on recording medium 1002 to generate content,
and plays the generated content.

Specifically, playback unit 1202, on receipt from input
unit 1201 of playback information, outputs the received
playback information to usage-key confirmation unit 1203.

Playback unit 1202, on receipt of key-acquisition
completed information from usage-key confirmation unit 1203,
acquires a content key from recording medium 1002, and
furthermore acquires, from content storage unit 1101 in
recording medium 1002, an encrypted content corresponding
to the information ID included in the playback information
received from input unit 1201, decrypts the encrypted content
using the acquired content key to generate content, and plays
the generated content.

Also, playback unit 1202, on receipt of playback
stoppage information from input unit 1201, stops playback
of the content currently being played.

(4) Usage-Key Confirmation Unit 1203

Usage-key confirmation unit 1203 confirms the usage
periods of content keys stored in recording medium 1002, and
records/deletes content keys.

Specifically, usage-key confirmation unit 1203, on
receipt of playback information from playback unit 1202,
judges whether there exists second key information in
recording medium 1002 that corresponds to the information
ID included in the received playback information.

If judged that corresponding second key information
exists, usage-key confirmation unit 1203 acquires the
present date-time from clocking unit 1206, and judges whether
the usage period of the content key included in the second
key information has lapsed. If judged to be within the usage
period, unit 1203 generates key-acquisition completed
information in which the key storage target information is
"0", and outputs the generated key-acquisition completed
information to playback unit 1202. If judged that the usage
period has lapsed, unit 1203 deletes the second key
information, and notifies usage-failure information to the
user showing that content key usage is not possible.

If judged that corresponding second key information
does not exist, usage-key confirmation unit 1203 generates
third request information that includes a usage
classification showing "recording medium" and the
information ID from the received playback information, and
outputs the generated third request information to content
server 1001. Also, unit 1203 outputs, to recording medium
1002 via IO unit 1024, information indicating that the
playback information has been received.

Usage-key confirmation unit 1203, on receipt of
authentication-succeeded information from authentication
unit 1103 via IO unit 1204, furthermore receives encrypted
second key information from content server 1001 via
communication unit 1205, and outputs the encrypted second
key information to recording medium 1002 via IO unit 1204.
Furthermore, unit 1203 generates key-acquisition completed
information in which the key storage target information is
"0", and outputs the generated key-acquisition completed
information to playback unit 1202.

(5) IO Unit 1204

IO unit 1204 outputs information received from
recording medium 1002 to playback unit 1202, usage-key
confirmation unit 1203, or communication unit 1205.

Also, IO unit 1204 outputs information received from
playback unit 1202, usage-key confirmation unit 1203, or
communication unit 1205 to recording medium 1002.

(6) Communication Unit 1205

Communication unit 1205 outputs information received
from content server 1001 to usage-key confirmation unit 1203
or IO unit 1204.

Also, communication unit 1205 transmits information
received from usage-key confirmation unit 1203 and IO unit
1204 to content server 1001.

3.5 Structure of Playback Apparatus 1004 

The structure of playback apparatus 1004 will now be
described.

As shown in Fig. 25, playback apparatus 1004 is
structured from a content storage unit 1301, a usage-key
storage unit 1302, an input unit 1303, a playback unit 1304,
a usage-key monitoring unit 1305, an authentication unit 1306,
and a communication unit 1307.

Playback apparatus 1004 is, specifically, a computer
system structured from a microprocessor, a ROM, a RAM, a hard
disk unit, a network interface, and the like. A computer
program is stored on the ROM or the hard disk unit. Playback
apparatus 1004 carries out functions as a result of the
microprocessor operating in accordance with the computer
program.

(1) Content Storage Unit 1301

Content storage unit 1301 includes an area the same as
content storage unit 1011 in content server 1001.

(2) Usage-Key Storage Unit 1302

Usage-key storage unit 1302 is tamper-resistant, and
stores content keys used in decrypting encrypted content for
use in playback apparatus 1004, to generate content.

(3) Input Unit 1303

Input unit 1303 receives information relating to
content usage, and outputs the received information to
playback unit 1304.

Specifically, input unit 1303 receives playback
information from a user, and outputs the received playback
information to playback unit 1304. Here, the content storage
target information included in the playback information is
always "1".

Input unit 1303, on receipt from a user of playback
stoppage information indicating to stop content playback,
outputs the received playback stoppage information to
playback unit 1304.

(4) Playback Unit 1304

Playback unit 1304 decrypts encrypted content
stored in content storage unit 1301 to generate
content, and plays the generated content.

Specifically, playback unit 1304, on receipt of
playback information from input unit 1303, outputs the
received playback information to usage-key monitoring unit
1305.

Playback unit 1304, on receipt of key-acquisition
completed information from usage-key monitoring unit 1305,
acquires the content key included in the first key
information from usage-key storage unit 1302, and
furthermore acquires, from content storage unit 1301, an
encrypted content corresponding to the information ID
included in the playback information received from input
unit 1303, decrypts the encrypted content using the acquired
content key to generate content, and plays the generated
content.

Also, playback unit 1304, on receipt of playback
stoppage information from input unit 1303, stops playback
of the content currently being played.

(5) Usage-Key Monitoring Unit 1305

Usage-key monitoring unit 1305 stores, in usage-key
storage unit 1302, content keys to be used when encrypted
content stored in content storage unit 1301 is used
in playback unit 1304, and deletes stored content keys when
usage of encrypted content has ended.

Specifically, usage-key monitoring unit 1305, on
receipt of playback information from playback unit 1304,
generates third request information that includes a usage
classification showing "playback apparatus" and the
information ID included in the received playback information,
outputs the generated third request information to content
server 1001, and furthermore outputs information to
authentication unit 1306 indicating that the playback
information has been received.

Usage-key monitoring unit 1305, on receipt of
authentication-succeeded information from authentication
unit 1306, furthermore receives encrypted first key
information from content server 1001 via communication unit
1307. Unit 1305 decrypts the encrypted first key information
using the shared secret key generated at the time of
authentication to generate first key information, and stores
the generated first key information in usage-key storage unit
1302. Furthermore, unit 1305 generates key-acquisition
completed information in which the key storage target
information is "1", and outputs the generated
key-acquisition completed information to playback unit 1304.
In this case, if the key storage target information is "1",
this shows that the content key storage target is usage-key
storage unit 1302 in playback apparatus 1004.

Furthermore, usage-key monitoring unit 1305 monitors
the operations of playback unit 1304, and on detecting that
content playback has ended or that the operations of playback
unit 1304 have ended due to a content playback stoppage (i.e.
on detecting that content usage has ended), deletes the first
key information stored in usage-key storage unit 1302,
generates key-usage ended information, and outputs the
generated key-usage ended information to content server
1001.



(6) Authentication Unit 1306 

Authentication unit 1306 prestores common secret
information, and conducts authentication with
authentication unit 1022 included in content server 1001.

Specifically, authentication unit 1306 conducts
authentication mutually with content server 1001 by
receiving information from usage-key monitoring unit 1305
indicating that playback information has been received.

Authentication unit 1306 judges whether authentication
was successful, and if successful, outputs
authentication-succeeded information to usage-key
monitoring unit 1305, and if not successful, notifies
authentication-failed information to the user indicating
that authentication was not successful.

Also, authentication unit 1306, the same as
authentication unit 1022 in content server 1001, generates
a shared secret key when commencing the authentication. Unit
1306 encrypts information for use in the authentication using
the shared secret key, transmits the encrypted information
to content server 1001, and also receives encrypted
information from content server 1001, decrypts the encrypted
information, and uses the decrypted information in the
authentication.

(7) Communication Unit 1307

Communication unit 1307 outputs information received
from content server 1001 to usage-key monitoring unit 1305
or authentication unit 1306.

Also, communication unit 1307 outputs information
received from usage-key monitoring unit 1305 or
authentication unit 1306 to content server 1001.

3.6 Operations of Key Delivery System 1000

The operations of key delivery system 1000 will now be
described.

(1) Content Key Management Processing Operations 
The content key management processing conducted in
content server 1001 by content-key control unit 1021 and
authentication unit 1022 will now be described using the
Figs. 26 and 27 flowcharts.

Content-key control unit 1021 receives information
(step S1000), and judges whether the received information
is key-usage ended information (step S1005).

If judged at step S1005 to be key-usage ended
information, content-key control unit 1021, using the
information ID included in the received key-usage ended
information, adds "1" to the remaining number in content key
information corresponding to the information ID, to update
key information table T1001 (step S1010).

If judged at step S1005 to not be key-usage ended
information, content-key control unit 1021 judges whether
the received information is first request information (step
S1015).

If judged at step S1015 to be first request information,
content-key control unit 1021 acquires content key
information corresponding to the information ID included in
the first request information, and judges whether the
remaining number in the acquired content key information is
"0" (step S1020).

If judged at step S1020 that the remaining number is
not "0", content-key control unit 1021 generates first key
information from the acquired content key information, and
outputs the generated first key information to usage-key
monitoring unit 1018 (step 1025). Furthermore, unit 1021
subtracts "1" from the remaining number in the acquired
content key information to update key information table T1001
(step S1030).

If judged at step S1020 that the remaining number is
"0", content-key control unit 1021 notifies none-remaining
information to the user (step S1135).

If judged at step S1015 to not be first request
information, content-key control unit 1021 outputs
authentication identifying information to authentication
unit 1022 and authentication processing is conducted in
authentication unit 1022 with the source of the content key
delivery request (step S1035). Authentication unit 1022
judges whether the authentication processing at step S1035
was successful (step S1040). If judged at step S1040 that
authentication was not successful, unit 1021 notifies
authentication-failed information to the user (step S1045).

If judged at step S1040 that authentication was
successful, content-key control unit 1021 judges whether the
received information is second request information (step
S1050).

If judged at step S1050 to be second request information,
content-key control unit 1021 acquires content key
information corresponding to the information ID included in
the second request information, and judges whether the
remaining number in the acquired content key information is
"0" (step S1055).

If judged at step S1055 that the remaining number is
not "0", content-key control unit 1021 generates second key
information from the acquired content key information,
encrypts the generated second key information, and outputs
the encrypted second key information to usage-key
confirmation unit 1019 (step S1060). Furthermore, unit 1021
subtracts "1" from the remaining number in the acquired
content key information to update key information table T1001
(step S1065). Also, unit 1021 generates content key
management information, and writes the generated content key
management information into delivered key information table
T1002 (step S1070).

If judged at step S1055 that the remaining number is
"0", content-key control unit 1021 notifies none-remaining
information to the user (step S1135).

If judged at step S1050 to not be second request
information, content-key control unit 1021 judges whether
the received information is third request information (step
S1075).
If judged at step S1075 to be third request information,
content-key control unit 1021 acquires content key
information corresponding to the information ID included in
the third request information, and judges whether the
remaining number in the acquired content key information is
"0" (step S1080).

If judged at step S1080 that the remaining number is
not "0", content-key control unit 1021 judges whether the
usage classification included in the received third request
information is information showing "playback apparatus"
(step S1085).

If judged at step S1085 to be information showing
"playback apparatus", content-key control unit 1021
generates first key information from the acquired content
key information, encrypts the generated first key
information, and transmits the encrypted first key
information to playback apparatus 1004 (step S1090).
Furthermore, unit 1021 subtracts "1" from the remaining
number in the acquired content key information to update key
information table T1001 (step S1065).

If judged at step S1085 to not be information showing
"playback apparatus", content-key control unit 1021
generates second key information from the acquired content
key information, encrypts the generated second key
information, and transmits the encrypted second key
information to recording medium 1002 (step S1100).
Furthermore, unit 1021 subtracts "1" from the remaining
number in the acquired content key information to update key
information table T1001 (step S1105). Also, unit 1021
generates content key management information, and writes the
generated content key management information into delivered
key information table T1002 (step S1110).

If judged at step S1080 that the remaining number is
"0", content-key control unit 1021 notifies none-remaining
information to the user (step S1135).

If judged at step S1075 to not be third request
information (i.e. when judged that the received information
is advance request information), content-key control unit
1021 acquires content key information corresponding to the
information ID included in the received advance request
information, and judges whether the remaining number in the
acquired content key information is "0" (step S1115).

If judged at step S1115 that the remaining number is
not "0", content-key control unit 1021 generates second key
information from the acquired content key information,
encrypts the generated second key information, and outputs
the encrypted second key information to usage-key advance
delivery unit 1020 (step 1120). Furthermore, unit 1021
subtracts "1" from the remaining number in the acquired
content key information to update key information table T1001
(step 1125). Also, unit 1021 generates content key management
information, and writes the generated content key management
information into delivered key information table T1002 (step
S1130).

If judged at step S1115 that the remaining number is
"0", content-key control unit 1021 notifies none-remaining
information to the user (step S1135).

(2) Authentication Processing Operations

Authentication processing, which is conducted as part
of the content key management processing, will now be
described using the Fig. 28 flowchart.

Authentication unit 1022, on receipt of authentication
identifying information from content-key control unit 1021,
judges whether the received authentication identifying
information shows second request information or advance
request information (step S1150).

If judged to show second request information or advance
request information, authentication unit 1022 conducts
mutual authentication with recording medium 1002 mounted in
content server 1001 (step S1155).

If the received authentication identifying information
is judged at step S1150 to not be information showing second
request information or advance request information,
authentication unit 1022 judges whether it is third request
information whose usage classification is "playback
apparatus" (step S1160).

If judged to show third request information whose usage
classification is "playback apparatus", authentication unit
1022 conducts authentication mutually with playback
apparatus 1004 (step S1165), and if judged to not be third
request information whose usage classification is "playback
apparatus" (i.e. judged to be third request information whose
usage classification is "recording medium"),
authentication unit 1022 conducts authentication mutually
with recording medium 1002 mounted in playback apparatus 1003
(step S1170).

(3) Time Management Processing Operations

Time management processing conducted in time management unit 1023 of content server 1001 will now be described using the Fig. 29 flowchart.

Time management unit 1023 acquires content key management information from delivered key information table T1002 and the present date-time from clocking unit 1026 (step S1200), and judges whether the usage period in the content key management information has lapsed (step S1205).

If judged in step S1205 that the usage period has lapsed, time management unit 1023 deletes the acquired content key management information from delivered key information table T1002 (step S1210), and adds "1" to the remaining number in content key information corresponding to the delivered content key ID in the acquired content key management information to update key information table T1001 (step 1215).

Moreover, time management unit 1023 repeats this processing for each piece of content key management information stored in delivered key information table T1002.

(4) Operations at Playback Time in Playback Apparatus 1004

Operations when encrypted content stored in playback apparatus 1004 is used will now be described using the Fig. 30 flowchart.

Playback apparatus 1004, on receipt of playback information (step S1250), generates third request information that includes a usage classification showing "playback apparatus", and transmits the generated third request information to content server 1001 (step 1255).

Content server 1001, on receipt of the third request information (step 1260), conducts mutual authentication with playback apparatus 1004 (steps S1265, S1270).

Content server 1001 judges whether authentication with playback apparatus 1004 was successful (step S1275).

Content server 1001, if judged at step S1275 that authentication was successful, judges whether the remaining number in content key information corresponding to the information ID included in the third request information is "0" (step S1285). If judged at step S1275 that authentication was not successful, content server 1001 notifies authentication-failed information to the user (step S1340).

Content server 1001, if judged at step S1285 that the remaining number is not "0", generates first key information, encrypts the generated first key information, and transmits the encrypted first key information to playback apparatus 1004 (step S1290). If judged at step S1285 that the remaining number is "0", content server 1001 notifies none-remaining information to the user (step S1345).

Content server 1001 subtracts "1" from the remaining number in the content key information corresponding to the information ID included in the third request information to update key information table T1001 (step S1295).

Playback apparatus 1004 judges whether authentication was successful (step S1280).

Playback apparatus 1004, if judged at step S1280 that authentication was not successful, notifies authentication-failed information to the user (step S1335). If judged that authentication was successful, playback apparatus 1004 receives encrypted first key information from content server 1001, and decrypts the encrypted first key information to generate first key information (step S1300).

Playback apparatus 1004 stores the generated first key information in usage-key storage unit 1302 (step S1305), and plays a content using the stored first key information and an encrypted content stored in content storage unit 1301 (step S1310). Also, on detecting the end of content usage (step S1315), playback apparatus 1004 deletes the first key information stored in usage-key storage unit 1302 (step S1320), generates key-usage ended information, and transmits the generated key-usage ended information to content server 1001 (step S1325).

On receipt of the key-usage ended information from playback apparatus 1004, content server 1001, using the information ID included in the received key-usage ended information, adds "1" to the remaining number in content key information corresponding to the information ID, to update key information table T1001 (step S1330).
(5) Operations at Playback Time in Playback Apparatus 1003

Operations when encrypted content stored in recording medium 1002 is used in playback apparatus 1003 will now be described using the Fig. 31 flowchart.

Playback apparatus 1003, on receipt of playback 
information (step S1400), judges whether second key 
information corresponding to the information ID included in 
the received playback information exists on recording medium 
1002 (step S1405) . 

If judged at step S1405 that corresponding second key information does exist, playback apparatus 1003 conducts key confirmation processing (step S1410).

If judged at step S1405 that corresponding second key information does not exist, playback apparatus 1003 generates third request information that includes a usage classification showing "recording medium", and transmits the generated third request information to content server 1001 (step S1415).

Content server 1001, on receipt of the third request 
information (step S1420) , conducts mutual authentication 
with recording medium 1002 (steps S1425, S1430) . 

Content server 1001 judges whether authentication with 
recording medium 1002 was successful (step S1435) . 

Content server 1001, if judged at step S1435 that authentication was successful, judges whether the remaining number in content key information corresponding to the information ID included in the third request information is "0" (step S1445). If judged at step S1435 that authentication was not successful, content server 1001 notifies authentication-failed information to the user (step S1485).

Content server 1001, if judged at step S1445 that the remaining number is not "0", generates second key information, encrypts the generated second key information, and transmits the encrypted second key information to playback apparatus 1003 (step S1450). If judged at step S1445 that the remaining number is "0", content server 1001 notifies none-remaining information to the user (step S1490).

Content server 1001 subtracts "1" from the remaining number in the content key information corresponding to the information ID included in the third request information to update key information table T1001 (step S1455). Also, content server 1001 generates content key management information, and writes the generated content key management information into delivered key information table T1002 (step S1460).

Recording medium 1002 judges whether authentication 
was successful (step S1440) . 

Recording medium 1002, if judged at step S1440 that authentication was not successful, notifies authentication-failed information to the user (step S1480). If judged that authentication was successful, recording medium 1002 outputs authentication-succeeded information to playback apparatus 1003, and playback apparatus 1003 receives encrypted second key information from content server 1001, and outputs the encrypted second key information to recording medium 1002 (step S1465).

Recording medium 1002 receives the encrypted second key 
information from playback apparatus 1003, decrypts the 
encrypted second key information to generate second key 
information, and stores the generated second key information 
in usage-key storage unit 1102 (step S1470) . 

Playback apparatus 1003 plays a content using an encrypted content and the second key information stored on recording medium 1002 (step S1475).

(6) Operations at Time of Recording Medium 1002 Usage in 
Content Server 1001 

The operations in the case of encrypted content stored 
on recording medium 1002 being used in content server 1001 
will now be described using the Fig. 32 flowchart. 

Content server 1001, on receipt of playback information whose storage target information is "0" (step S1500), judges whether second key information corresponding to the information ID included in the received playback information exists on recording medium 1002 (step S1505).

If judged at step S1505 that corresponding second key information does exist, content server 1001 conducts key confirmation processing (step S1510).

If judged at step S1505 that corresponding second key information does not exist, content server 1001 conducts mutual authentication with recording medium 1002 (steps S1515, S1520).

Content server 1001 judges whether authentication with 
recording medium 1002 was successful (step S1525) . 

Content server 1001, if judged at step S1525 that authentication was successful, judges whether the remaining number in content key information corresponding to the information ID included in the second request information is "0" (step S1535). If judged at step S1525 that authentication was not successful, content server 1001 notifies authentication-failed information to the user (step S1565).

Content server 1001, if judged at step S1535 that the remaining number is not "0", generates second key information, encrypts the generated second key information, and outputs the encrypted second key information to recording medium 1002 (step S1540). If judged at step S1535 that the remaining number is "0", content server 1001 notifies none-remaining information to the user (step S1570).

Content server 1001 subtracts "1" from the remaining number in the content key information corresponding to the information ID included in the second request information to update key information table T1001 (step S1545). Also, content server 1001 generates content key management information, and writes the generated content key management information into delivered key information table T1002 (step S1550). Furthermore, content server 1001 reads, from recording medium 1002, the second key information outputted to recording medium 1002 and an encrypted content, and plays a content (step S1555).

Recording medium 1002 judges whether authentication was successful (step S1520).

Recording medium 1002, if judged at step S1520 that authentication was not successful, notifies authentication-failed information to the user (step S1575). If judged that authentication was successful, recording medium 1002 receives encrypted second key information from content server 1001, decrypts the encrypted second key information to generate second key information, and stores the generated second key information in usage-key storage unit 1102 (step S1560).

(7) Playback Operations of Content Server 1001

Operation when encrypted content stored in content server 1001 is played will now be described using the Fig. 33 flowchart.

Content server 1001, on receipt of playback information whose storage target information is "1" (step S1600), judges whether the remaining number in content key information corresponding to the information ID included in first request information generated using the received playback information is "0" (step S1605).

Content server 1001, if judged at step S1605 that the remaining number is not "0", generates first key information, and stores the generated first key information in usage-key storage unit 1013 (step S1610). Content server 1001, if judged that the remaining number is "0", notifies none-remaining information to the user (step S1640).

Content server 1001 subtracts "1" from the remaining number in the content key information corresponding to the information ID included in the first request information to update key information table T1001 (step 1615). Furthermore, content server 1001 uses a content, using the first key information and an encrypted content (step S1620). Also, on detecting the end of content usage (step S1625), content server 1001 deletes the first key information stored in usage-key storage unit 1013 (step S1630), and adds "1" to the remaining number in the content key information corresponding to the information ID of the encrypted content that was used, to update key information table T1001 (step 1635).

(8) Key Confirmation Processing Operations 

The key confirmation processing operation shown in Fig. 31 will now be described in detail using the Fig. 34 flowchart. Key confirmation processing is processing conducted in playback unit 1202 and usage-key confirmation unit 1203 of playback apparatus 1003.

Usage-key confirmation unit 1203 judges whether the usage period of the content key included in existing second key information has lapsed (step S1660). If judged to be within the usage period, playback unit 1202 acquires the content key, decrypts an encrypted content using the acquired content key to generate a content, and plays the generated content (step S1670).

If judged to be outside the usage period, usage-key confirmation unit 1203 deletes the second key information that includes the content key (step S1675), and notifies usage-failure information to the user (step S1680).

Moreover, since the key delivery processing operation shown in Fig. 32 is the same, a description is omitted here. The key delivery processing is conducted in playback unit 1017 and usage-key confirmation unit 1019 of content server 1001.

(9) Operations at Time of Advance Delivery of Content Keys

Operations in the case of delivering content keys in advance to recording medium 1002 will now be described using the Fig. 35 flowchart.

Content server 1001, on receipt of advance request information, outputs information to recording medium 1002 indicating that advance request information has been received (step S1700).

Recording medium 1002 receives the information indicating that advance request information has been received (step S1705), and conducts mutual authentication with content server 1001 (steps S1710, S1715).

Content server 1001 judges whether authentication with recording medium 1002 was successful (step S1720).

Content server 1001, if judged at step S1720 that authentication was successful, judges whether the remaining number in content key information corresponding to the information ID included in the advance request information is "0" (step S1730). If judged at step S1720 that authentication was not successful, content server 1001 notifies authentication-failed information to the user (step S1755).

Content server 1001, if judged at step S1535 that the remaining number is not "0", generates second key information, encrypts the generated second key information, and outputs the encrypted second key information to recording medium 1002 (step S1735). If judged at step S1730 that the remaining number is "0", content server 1001 notifies none-remaining information to the user (step S1760).

Content server 1001 subtracts "1" from the remaining number in the content key information corresponding to the information ID included in the advance request information to update key information table T1001 (step S1740). Also, content server 1001 generates content key management information, and writes the generated content key management information into delivered key information table T1002 (step S1745).

Recording medium 1002 judges whether authentication 
was successful (step S1725) . 

Recording medium 1002, if judged at step S1725 that authentication was not successful, notifies authentication-failed information to the user (step S1765). If judged that authentication was successful, recording medium 1002 receives encrypted second key information from content server 1001, decrypts the encrypted second key information to generate second key information, and stores the generated second key information in usage-key storage unit 1102 (step S1750).
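The server-side bookkeeping common to operations (2) to (9) above, as an added example that is not part of the patent (constructed Python, not the applicant's code): mutual authentication is modelled as an HMAC-SHA256 challenge-response over a constructed common secret, since the page names no algorithm, and the usage period appended to second key information is assumed to be a fixed seven days. Tables T1001 and T1002 are plain dictionaries, and the sample content key information in the walk-through is constructed.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Constructed common secret shared by content server 1001 and legitimate
# devices; the patent names no algorithm, so an HMAC-SHA256 challenge-response
# stands in for its mutual authentication (an assumption of this example).
COMMON_SECRET = b"constructed-common-secret"


def mutual_auth(server_secret: bytes, device_secret: bytes) -> bool:
    """Each side challenges the other; succeed only if both answers verify."""
    c_srv, c_dev = os.urandom(16), os.urandom(16)
    dev_answer = hmac.new(device_secret, c_srv, hashlib.sha256).digest()
    srv_answer = hmac.new(server_secret, c_dev, hashlib.sha256).digest()
    srv_ok = hmac.compare_digest(dev_answer, hmac.new(server_secret, c_srv, hashlib.sha256).digest())
    dev_ok = hmac.compare_digest(srv_answer, hmac.new(device_secret, c_dev, hashlib.sha256).digest())
    return srv_ok and dev_ok


class ContentServer:
    """Remaining-number bookkeeping of content server 1001 (tables T1001 / T1002)."""

    def __init__(self, key_info_table: dict, usage_days: int = 7):
        # T1001: content key ID -> content key information
        #   {"key": bytes, "info_id": str, "total": int, "remaining": int}
        self.t1001 = key_info_table
        # T1002: content key management information for keys delivered to
        # recording media: {"content_key_id": str, "usage_period_end": datetime}
        self.t1002 = []
        self.usage_period = timedelta(days=usage_days)  # assumed fixed period

    def _lookup(self, info_id: str):
        for ck_id, rec in self.t1001.items():
            if rec["info_id"] == info_id:
                return ck_id, rec
        raise KeyError(f"no content key information for information ID {info_id}")

    def _check_and_subtract(self, info_id: str, device_secret: bytes):
        # Order follows the flowcharts: authenticate first, then test the
        # remaining number, and subtract "1" only when a key is actually sent.
        if not mutual_auth(COMMON_SECRET, device_secret):
            return "authentication-failed", None, None
        ck_id, rec = self._lookup(info_id)
        if rec["remaining"] == 0:
            return "none-remaining", None, None
        rec["remaining"] -= 1
        return None, ck_id, rec

    def deliver_to_playback_apparatus(self, info_id: str, device_secret: bytes):
        """Fig. 30 path: first key information, no usage period."""
        err, ck_id, rec = self._check_and_subtract(info_id, device_secret)
        if err:
            return err
        return {"content_key_id": ck_id, "content_key": rec["key"]}

    def deliver_to_recording_medium(self, info_id: str, device_secret: bytes, now: datetime):
        """Figs. 31/32/35 path: second key information with a usage period, recorded in T1002."""
        err, ck_id, rec = self._check_and_subtract(info_id, device_secret)
        if err:
            return err
        end = now + self.usage_period
        self.t1002.append({"content_key_id": ck_id, "usage_period_end": end})
        return {"content_key_id": ck_id, "content_key": rec["key"], "usage_period_end": end}

    def key_usage_ended(self, info_id: str) -> int:
        """Step S1330: a playback apparatus reports end of use; add "1" (capped at the total)."""
        _, rec = self._lookup(info_id)
        rec["remaining"] = min(rec["total"], rec["remaining"] + 1)
        return rec["remaining"]

    def time_management(self, now: datetime) -> int:
        """Fig. 29: drop lapsed T1002 entries, restoring "1" to T1001 for each; return how many lapsed."""
        still_valid, lapsed = [], 0
        for mgmt in self.t1002:
            if mgmt["usage_period_end"] <= now:
                rec = self.t1001[mgmt["content_key_id"]]
                rec["remaining"] = min(rec["total"], rec["remaining"] + 1)
                lapsed += 1
            else:
                still_valid.append(mgmt)
        self.t1002 = still_valid
        return lapsed


def demo():
    """Constructed walk-through: total number 2, one playback apparatus and one recording medium."""
    t1001 = {"CK1": {"key": b"constructed-key", "info_id": "C1", "total": 2, "remaining": 2}}
    srv = ContentServer(t1001)
    t0 = datetime(2024, 1, 1)
    r1 = srv.deliver_to_playback_apparatus("C1", COMMON_SECRET)        # delivered, remaining 1
    r2 = srv.deliver_to_recording_medium("C1", COMMON_SECRET, t0)      # delivered, remaining 0
    r3 = srv.deliver_to_playback_apparatus("C1", COMMON_SECRET)        # none-remaining
    r4 = srv.deliver_to_playback_apparatus("C1", b"not-the-secret")    # authentication-failed
    after_end = srv.key_usage_ended("C1")                              # remaining back to 1
    lapsed = srv.time_management(t0 + timedelta(days=8))               # medium's key lapsed: remaining 2
    return r1, r2, r3, r4, after_end, lapsed, srv.t1001["CK1"]["remaining"]


if __name__ == "__main__":
    print(demo())
```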

3.7 Summary of Key Delivery Method Variation

As described above, content server 1001 in key delivery system 1000, when the legitimacy of key delivery is confirmed by authentication and the remaining number of a content key whose delivery has been requested is not "0", delivers the content key. Also, in the delivery of content keys to recording medium 1002, content server 1001 restricts the use of content keys delivered to recording medium 1002, by appending a usage period for which the content key can be used. In this way, it is always possible to restrict content usage with respect to recording medium 1002, which is not network-connected.

3.8 Further Variations

The key delivery method variation described above is one exemplary implementation of the present invention, and the present invention is not limited to this embodiment, it being possible to implement various structures within a range that does not diverge from the object of this embodiment. Variations such as the following are also included in the present invention.

(1) Although the above is described in terms of all of the content information being encrypted when content is encrypted in content server 1001, the present invention is not limited to this, and only part of the content needs to be encrypted.

(2) Only playback apparatus 1004, recording medium 1002 and content server 1001 structuring the delivery system may be allowed to duplicate encrypted content.

In this case, the duplication source and duplication target may conduct authentication at the time of duplication, and duplication only conducted if authentication is successful.

(3) Also, with respect to a playback apparatus or a recording medium that fails the authentication (i.e. does not have common secret information), an allowable number of duplications may be set, and duplication permitted only by a content server. In this case, the allowable number of duplications is reduced by "1" every time duplication is conducted.
(4) The recording medium may be a portable recording medium that has an internal IC, an authentication function, and is used by being mounted in a playback apparatus, an example of which is an SD card.

Also, in the case of a portable recording medium that does not have an internal IC, authentication need only be conducted by content server 1001, instead of conducting mutual authentication.

In this case, common secret information is recorded in 
the portable recording medium that does not have an internal 
IC, and content server 1001 conducts authentication by 
judging whether the common secret information exists. 

The portable recording medium not having an internal 
IC is, for example, a BD (blu-ray disc) or a DVD. 

Also, the recording medium is not limited to being a portable recording medium, and may be a portable terminal apparatus. In this case, the portable terminal apparatus, when connected to GW 1007, transmits third request information whose usage classification is "recording medium" to content server 1001, and if authentication is successful and there is a remaining deliverable number of a content key, the portable terminal apparatus is able to receive encrypted second key information from content server 1001. The portable terminal apparatus is, for example, a PDA (personal digital assistant) or a notebook personal computer.

(5) Although usage-key confirmation unit 1203 was described above as being provided in playback apparatus 1003, the present invention is not limited to this. Usage-key confirmation unit 1203 may be included in recording medium 1002 and its functions realized using clocking unit 1206 and communication unit 1205 of playback apparatus 1003.

Also, usage-key confirmation unit 1019 provided in content server 1001 may be included in recording medium 1002. Also, usage-key advance delivery unit 1020 may be included in recording medium 1002.

(6) Although the total number of a content key distributed by content server 1001 is described above as being the same for each content key, the present invention is not limited to this. The total number may be different for every content key. In this case, the total number is received by input unit 1016, content key information is generated in content acquisition unit 1015 using the received total number, and the generated content key information is stored in key-information storage unit 1031.

Also, the time period restriction may be different for every content key, the same as with the time period restriction in content key information. In this case, the time period restriction is received by input unit 1016, content key information is generated in content acquisition unit 1015 using the received time period restriction, and the generated content key information is stored in key-information storage unit 1031.

(7) The total number of a content key distributed by content server 1001 may be divided for managing between the number delivered to playback apparatuses and the number delivered to recording media.

(8) Playback apparatuses 1003 and 1004 may be the same playback apparatus.

(9) Although the above was described in terms of advance key delivery being possible when recording medium 1002 is mounted in content server 1001, the present invention may be structured so that advance delivery of keys from content server 1001 is conductible when recording medium 1002 is mounted in playback apparatus 1003.

(10) Although the above was described in terms of key information table T1001 and delivered key information table T1002 being separate, they may be the same information table.

In this case, the information table includes an area for storing one or more groupings that are each formed from a content key ID, a content key, a corresponding information ID, a total number, a remaining number, a time period restriction, and period information. The period information is structured from usage period 1, usage period 2, ..., usage period n. Here, "n" is a number greater than or equal to the number recorded in the total number. Usage period 1 is the same information as the usage period shown in the above key delivery method variation. Also, since usage period 2, ..., usage period n are the same as usage period 1, a description is omitted here.

(11) A usage-key monitoring unit may be included in playback apparatus 1003, the same as playback apparatus 1004.

In this case, the usage-key monitoring unit in playback apparatus 1003, when detecting the end of usage of encrypted content stored on recording medium 1002, deletes the second key information used in the encrypted content usage, and transmits, to content server 1001, information formed from key-usage ended information, the used content key ID, and the usage period corresponding to the content ID.

Content server 1001, on receipt of the above information from playback apparatus 1003, adds "1" to the remaining number in content key information corresponding to the information ID included in the key-usage ended information to update key information table T1001. Also, content server 1001 deletes the grouping of the used content key ID and the usage period that corresponds to the content ID from delivered key information table T1002.
(12) Although the above was described in terms of managing the usage period of content keys included in delivered second key information in content server 1001 in the case of second key information being delivered to recording medium 1002, the usage period of content keys delivered to playback apparatus 1004 may also be managed.

In this case, content server 1001 transmits second key information to playback apparatus 1004, and stores, in delivered key information table T1002, a grouping formed from the content key ID and the usage period delivered to playback apparatus 1004. Management of the usage period after transmission of the second key information is conducted in time management unit 1023.

Playback apparatus 1004, the same as when encrypted content stored on recording medium 1002 is used, judges after receiving playback information whether there exists a content key corresponding to the information ID included in the received playback information, and if judged that a corresponding content key does exist, playback apparatus 1004 judges whether the usage period has lapsed. If judged that the usage period has lapsed, playback apparatus 1004 deletes content key management information that includes the content key, and notifies usage-failure information to the user. If judged to be within the usage period, playback apparatus 1004 generates a content using the content key, and plays the generated content.

If judged that a corresponding content key does not exist, playback apparatus 1004 generates third request information that includes a usage classification showing "playback apparatus" and the information ID included in the received playback information, and transmits the generated third request information to content server 1001. Since the subsequent operations are the same as the above key delivery method variation, a description is omitted here.

Also, even when playback apparatus 1004 outputs a 
content key to usage-key storage unit 1013 of content server 
1001, it is possible to manage the usage period of the 
outputted content key by the same method as above. 

Moreover, second key information for delivery is encrypted the same as in the above key delivery method variation.

(13) Also, playback apparatus 1004 may manage delivered second key information by the same method as content server 1001.

In this case, clocking unit 1310 and a time management unit 1311 are provided in playback apparatus 1004. Clocking unit 1310 clocks date-time. Time management unit 1311 judges whether the usage period of second key information stored in usage key storage unit 1302 has lapsed, using the date-time clocked in clocking unit 1310. If judged that the usage period has lapsed, playback apparatus 1004 deletes the second key information, and transmits key-usage ended information to content server 1001.

Also, the same management as above is also possible in content server 1001 using clocking unit 1026, time management unit 1023, and usage-key information unit 1013.

Also, time management unit 1110 may be provided in recording medium 1002 to conduct the same management as above. In this case, the operations shown above are only conducted while power is supplied to recording medium 1002 mounted in playback apparatus 1003.

(14) Also, a distinction may be made between a playback apparatus that conducts time management, and a playback apparatus that does not conduct time management. Moreover, a recording medium may also be included in the playback apparatus that conducts time management.

In this case, a playback apparatus that conducts time management transmits to content server 1001 third request information that has appended information showing that the playback apparatus conducts time management, instead of a usage classification, and a playback apparatus that does not conduct time management transmits to content server 1001 third request information that has appended information showing that the playback apparatus does not conduct time management, instead of a usage classification. Content server 1001 judges whether the delivery target apparatus is a playback apparatus that conducts time management, and if judged to be a playback apparatus that conducts time management, content server 1001 transmits encrypted second key information, and if judged to be a playback apparatus that does not conduct time management, content server 1001 transmits encrypted first key information.

(15) Also, second key information delivered to playback 
apparatus 1004 need only be managed by content server 1001. 
Moreover, the second key information is encrypted before 
being delivered. 

In this case, playback apparatus 1004 has an apparatus ID. Here, an apparatus ID is an identifier that identifies a playback apparatus. A different apparatus ID is allotted to each playback apparatus.

Content server 1001 stores a delivered content key, a usage period, and the apparatus ID of playback apparatus 1004 to which the content key was delivered.

Content server 1001, after transmitting second key information to playback apparatus 1004, judges in time management unit 1023 whether the usage period of the content key delivered to playback apparatus 1004 has lapsed, and if judged to have lapsed, key deletion information that includes the content key ID whose usage period has lapsed is transmitted from content server 1001 to playback apparatus 1004, and "1" is added to the remaining number included in corresponding content key information in the key information table. At this time, playback apparatus 1004, having received the key deletion information, deletes second key information corresponding to the content key ID included in the received information.

Also, even when content server 1001 outputs content keys to usage-key storage unit 1013 in content server 1001, it is possible to conduct management by the same method as above.

Also, when there is a plurality of playback apparatuses having the same structure as playback apparatus 1004, key deletion information may be transmitted collectively to one or more of the playback apparatuses. In this case, the number added to the remaining number included in corresponding content key information within key information table T1001 is the same as the number of playback apparatuses to which the key deletion information is transmitted.
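Variation (15) above, as an added example that is not the patent's own code (constructed Python): content server 1001 keeps the apparatus ID with each delivered key, sends one collective key deletion information per lapsed content key, and adds the number of addressed playback apparatuses to the remaining number, never exceeding the total number. Apparatus IDs, dates and the dictionary layout of the tables are constructed for this example.

```python
from datetime import datetime


class PlaybackApparatus:
    """Playback apparatus with an apparatus ID and a usage-key storage unit (constructed model)."""

    def __init__(self, apparatus_id: str):
        self.apparatus_id = apparatus_id
        self.usage_key_storage = {}  # content key ID -> second key information

    def receive_key_deletion_information(self, content_key_id: str) -> bool:
        """Delete the second key information named in the key deletion information."""
        return self.usage_key_storage.pop(content_key_id, None) is not None


def deliver(t1001: dict, delivered: list, apparatus: PlaybackApparatus,
            content_key_id: str, usage_period_end: datetime) -> bool:
    """Server side: subtract "1" and store (content key, usage period, apparatus ID)."""
    rec = t1001[content_key_id]
    if rec["remaining"] == 0:
        return False  # none-remaining
    rec["remaining"] -= 1
    apparatus.usage_key_storage[content_key_id] = {"usage_period_end": usage_period_end}
    delivered.append({"content_key_id": content_key_id,
                      "usage_period_end": usage_period_end,
                      "apparatus_id": apparatus.apparatus_id})
    return True


def time_management(t1001: dict, delivered: list, apparatuses: dict, now: datetime) -> dict:
    """Group lapsed deliveries per content key, transmit one collective key deletion
    information to the affected apparatuses, and add their count to the remaining number.
    Returns {content key ID: number added}."""
    targets = {}
    for d in delivered:
        if d["usage_period_end"] <= now:
            targets.setdefault(d["content_key_id"], set()).add(d["apparatus_id"])
    added = {}
    for ck_id, apparatus_ids in targets.items():
        for apparatus_id in apparatus_ids:
            apparatuses[apparatus_id].receive_key_deletion_information(ck_id)
        rec = t1001[ck_id]
        # The number added equals the number of apparatuses addressed, capped at the total.
        rec["remaining"] = min(rec["total"], rec["remaining"] + len(apparatus_ids))
        added[ck_id] = len(apparatus_ids)
    delivered[:] = [d for d in delivered if d["usage_period_end"] > now]
    return added


def demo():
    """Constructed run: total number 3, three apparatuses, two keys lapse on the same day."""
    t1001 = {"CK1": {"total": 3, "remaining": 3}}
    delivered = []
    apparatuses = {i: PlaybackApparatus(i) for i in ("PA-1", "PA-2", "PA-3")}
    deliver(t1001, delivered, apparatuses["PA-1"], "CK1", datetime(2024, 1, 8))
    deliver(t1001, delivered, apparatuses["PA-2"], "CK1", datetime(2024, 1, 8))
    deliver(t1001, delivered, apparatuses["PA-3"], "CK1", datetime(2024, 1, 20))
    added = time_management(t1001, delivered, apparatuses, datetime(2024, 1, 10))
    return (added, t1001["CK1"]["remaining"],
            "CK1" in apparatuses["PA-3"].usage_key_storage, len(delivered))


if __name__ == "__main__":
    print(demo())
```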

(16) The function of delivering first key information to playback apparatus 1004 at a specified time may be included in content server 1001. Moreover, the delivered first key information is encrypted the same as in the above key delivery method variation.

In this case, content server 1001 further includes an automatic delivery information storage unit 1041 that stores automatic delivery information formed from a delivery date-time showing a date-time for delivering a content key, first key information for delivery, and an apparatus ID of the playback apparatus that will conduct the delivery, an automatic delivery management unit 1042 that manages whether the date-time to deliver the first key information has been reached, and a specified time delivery unit 1043 that delivers the first key information when the delivery date-time is reached.

15 Content server 1001, on receipt of date-time 

information for conducting automatic delivery, and automatic 
request information that includes an apparatus ID, conducts 
authentication. Content server 1001, if authentication is 
successful, generates automatic delivery information, 

20 stores the generated automatic delivery information in 
automatic delivery information storage unit 1041, and 
subtracts w l" from the remaining number included in 
corresponding content key information within key information 
table T1001. Automatic delivery management unit 1042 judges 
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whether the present date-time has reached the delivery 
date-time included in the automatic delivery information 
stored in automatic delivery information storage unit 1041, 
and if judged to have reached the deliver date-time, 
5 specified time delivery unit 1043 delivers first key 
information to playback apparatus 1004, which corresponds 
to the apparatus ID included in the automatic delivery 
information, and deletes the automatic delivery information 
stored in automatic delivery information storage unit 1041. 

Moreover, in the case of there being a plurality of playback apparatuses having the same structure as playback apparatus 1004, content keys may be delivered collectively to each playback apparatus specifying the same date-time, in the case of the same date-time information being received from one or more of the playback apparatuses.

Also, information stored in automatic delivery information storage unit 1041 may be set as a delivery date-time, an apparatus ID, and second key information, and the second key information may be delivered to playback apparatus 1004 instead of the above-mentioned first key information.

Also, second key information may also be delivered at a specified time with respect to recording medium 1002. In this case, the apparatus ID stored in automatic delivery information storage unit 1041 is the apparatus ID of playback apparatus 1003 in which recording medium 1002 is mounted.

Also, by input unit 1016 in content server 1001 receiving automatic request information, automatic delivery to usage-key storage unit 1013 in content server 1001 is also possible, the same as in the above operations. Authentication, however, is not conducted.

Also, by input unit 1016 in content server 1001 receiving automatic request information to which is appended information showing the delivery target of a content key to be recording medium 1002 or usage-key storage unit 1013 in content server 1001, it is possible to switch between automatic delivery to recording medium 1002 and automatic delivery to usage-key storage unit 1013 in content server 1001. In this case, the information to be delivered is second key information.

Also, information stored in automatic delivery information storage unit 1041 may be set as a delivery date-time and an apparatus ID, and first or second key information may be generated at an automatic delivery time.

Also, first key information for automatic delivery may be encrypted by common key encryption and transmitted.

Also, authentication may be conducted again at an automatic delivery time. First or second key information to be delivered may be encrypted using the encryption key generated at a time of this authentication.
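The following Python model is an added example, not code from the patent: it implements the remaining-number bookkeeping of the key deletion information above (count added back per notified apparatus) together with the specified-time delivery of variation (16), where the remaining number is subtracted when the reservation is stored in unit 1041 and the entry is delivered and deleted once the date-time is reached. All class and method names, the integer epoch date-times, the allow-list standing in for authentication and the requirement that the remaining number be at least "1" before reserving are assumptions of this example.

```python
"""Added example (not from the patent): specified-time key delivery, variation (16)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ContentKeyInfo:
    """One row of key information table T1001 (field names assumed)."""
    content_key_id: str
    first_key_info: bytes        # stands in for the first key information
    remaining_number: int        # remaining number of deliveries permitted


@dataclass
class AutomaticDeliveryInfo:
    """One entry of automatic delivery information storage unit 1041."""
    delivery_datetime: int       # epoch seconds at which to deliver (assumed unit)
    first_key_info: bytes
    apparatus_id: str
    content_key_id: str


class ContentServer:
    """Models content server 1001 for the automatic delivery path only."""

    def __init__(self, rows: List[ContentKeyInfo], registered_ids) -> None:
        self.table_t1001: Dict[str, ContentKeyInfo] = {r.content_key_id: r for r in rows}
        self.registered_ids = set(registered_ids)           # assumed basis of authentication
        self.storage_1041: List[AutomaticDeliveryInfo] = []
        self.delivered: List[Tuple[str, str, bytes]] = []   # (apparatus, key id, key)

    def authenticate(self, apparatus_id: str) -> bool:
        # Stand-in for the authentication step: an ID allow-list (assumption).
        return apparatus_id in self.registered_ids

    def request_automatic_delivery(self, apparatus_id: str, content_key_id: str,
                                   delivery_datetime: int) -> bool:
        """Automatic request information plus date-time information arrive:
        authenticate, store the entry in unit 1041, and subtract "1" now."""
        if not self.authenticate(apparatus_id):
            return False
        row = self.table_t1001.get(content_key_id)
        # Reservation stays within the remaining number (assumption: the
        # variation text itself only states the subtraction).
        if row is None or row.remaining_number < 1:
            return False
        self.storage_1041.append(AutomaticDeliveryInfo(
            delivery_datetime, row.first_key_info, apparatus_id, content_key_id))
        row.remaining_number -= 1
        return True

    def tick(self, now: int) -> int:
        """Units 1042/1043: deliver every due entry, then delete it from 1041.
        Returns the number of deliveries made on this tick."""
        due = [e for e in self.storage_1041 if now >= e.delivery_datetime]
        for entry in due:
            self.delivered.append((entry.apparatus_id, entry.content_key_id,
                                   entry.first_key_info))
            self.storage_1041.remove(entry)
        return len(due)

    def key_deletion_acknowledged(self, content_key_id: str, count: int = 1) -> int:
        """Key deletion information was transmitted to `count` playback
        apparatuses: add that count back to the remaining number."""
        row = self.table_t1001[content_key_id]
        row.remaining_number += count
        return row.remaining_number


def run_delivery_demo() -> dict:
    """Constructed scenario: one key with remaining number 2, two apparatuses."""
    server = ContentServer(
        [ContentKeyInfo("CK-001", b"first-key-info-CK-001", remaining_number=2)],
        registered_ids={"PA-1004", "PA-1004b"})
    ok_a = server.request_automatic_delivery("PA-1004", "CK-001", delivery_datetime=1_000)
    ok_b = server.request_automatic_delivery("PA-1004b", "CK-001", delivery_datetime=2_000)
    ok_c = server.request_automatic_delivery("PA-1004", "CK-001", delivery_datetime=3_000)
    ok_d = server.request_automatic_delivery("PA-9999", "CK-001", delivery_datetime=1_000)
    early = server.tick(now=500)        # nothing due yet
    first = server.tick(now=1_000)      # PA-1004 entry due
    second = server.tick(now=2_500)     # PA-1004b entry due
    remaining_after = server.key_deletion_acknowledged("CK-001", count=2)
    return {"accepted": (ok_a, ok_b, ok_c, ok_d),       # ok_c: exhausted, ok_d: auth fails
            "deliveries": (early, first, second),
            "delivered_to": [d[0] for d in server.delivered],
            "pending": len(server.storage_1041),
            "remaining_after_deletion": remaining_after}
```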

(17) The function of detecting the delivery target of delivered content keys may be added in key delivery system 1000.

In this case, playback apparatus 1004 includes a key detection unit 1320 for detecting the existence of content keys specified by content server 1001, and recording medium 1002 also includes a key detection unit 1120, the same as playback apparatus 1004.

Content server 1001 transmits, to playback apparatus 1003 and playback apparatus 1004, key detection request information that includes a content key ID corresponding to a content key to be detected.

Playback apparatus 1004, on receipt of key detection request information from content server 1001, judges in key detection unit 1320 whether the content key ID included in the received key detection request information exists in usage-key storage unit 1302, and if judged to exist, transmits information to content server 1001 indicating that the content key to which the detection request relates is being held.

Playback apparatus 1003, on receipt of key detection request information from content server 1001, outputs the received key detection request information to recording medium 1002. Recording medium 1002, on receipt of the key detection request information, judges in key detection unit 1120 whether the content key ID included in the received key detection request information exists in usage-key storage unit 1102, and if judged to exist, transmits information to content server 1001 indicating that the content key to which the detection request relates is being held.

Also, although the above was described in terms of detection being conducted using a content key ID, a corresponding-information ID may be used instead of a content key ID. In this case also, detection by the same method as above is possible.

Also, a key detection unit may be included in playback apparatus 1003, instead of including key detection unit 1120 in recording medium 1002.

In this way, it is possible to manage playback apparatuses and recording media holding content keys to be detected, without needing to use a database or the like to manage playback apparatuses and recording media to which content keys have been delivered.

(18) Although the above was described in terms of content being information delivered from a broadcast station, the present invention is not limited to this. For example, content may be information obtained by digitalizing music information, video, computer programs, and the like.

(19) In the above key delivery method variation, an encrypted content corresponding to first key information may be transmitted at a time of transmitting first key information from content server 1001 to playback apparatus 1004. Also, in the same way, an encrypted content corresponding to second key information may be transmitted at a time of transmitting second key information from content server 1001 to recording medium 1002.

(20) Second key information stored in recording medium 1002 may be encrypted second key information.

For example, after generating second key information in content server 1001, the second key information is encrypted using common secret information as an encryption key, and the encrypted second key information delivered to recording medium 1002. Recording medium 1002 stores the encrypted second key information, decrypts the encrypted second key information at a usage time using the common secret information, to generate second key information, and uses the generated second key information.

Moreover, at a time of delivering encrypted second key information, the encrypted second key information may be further encrypted using the shared secret key used at the time of authentication, and delivered.

(21) Although the above was described in terms of content server 1001, when a content key is to be outputted to recording medium 1002 mounted in content server 1001, encrypting and outputting the second key information, the second key information may be outputted without being encrypted.

Also, when first key information is delivered to playback apparatus 1004 via a network, the first key information may be outputted without being encrypted, the same as when second key information is delivered to recording medium 1002.

(22) The usage frequency of delivered content keys may be managed.

In this case, information showing content key usage is transmitted to a content server every time a content key is used. The content server, on receipt of the information showing content key usage, judges whether the usage frequency of the content key distributed to a recording medium has reached a predetermined frequency, and if judged to have reached the predetermined frequency, the content server adds "1" to the remaining number corresponding to the content key, and notifies information to the recording medium indicating that the usage frequency has reached the predetermined frequency. The recording medium, on receipt of this information, deletes the content key after use.

(23) Also, a content server may manage history information showing a usage condition of a content key delivered to a recording medium, and if usage of the content key is less than a certain predetermined time period, the content server may add "1" to the remaining number corresponding to the content key, and append usage-failure information to the history information of the content key.

In this case, the recording medium transmits information to the content server showing content key usage, every time a delivered content key is used. The content server, on receipt of the information showing content key usage, judges whether usage of the content key by the recording medium is possible, and if usage is possible, the content server stores the information. If usage is not possible, the content server notifies information to the recording medium showing that usage is not possible. The recording medium, having received the notification, deletes the content key.

Also, the content server judges whether a predetermined time period has lapsed since the last usage of the content key, using the stored information, and if judged to have lapsed, the content server adds "1" to the remaining number corresponding to the content key.

(24) It is not absolutely necessary for usage-key storage unit 1013, usage-key monitoring unit 1018, usage-key confirmation unit 1019, usage-key advance delivery unit 1020, content-key control unit 1021, authentication unit 1022, and time management unit 1023 shown in the above key delivery method variation to be included in content server 1001. For example, a key management server, being a different network terminal to content server 1001, may be added to the structure of the key delivery system, and usage-key storage unit 1013, usage-key monitoring unit 1018, usage-key confirmation unit 1019, usage-key advance delivery unit 1020, content-key control unit 1021, authentication unit 1022, and time management unit 1023 provided in the key management server.

(25) Although content acquisition unit 1015 shown in the above key delivery method variation prestores a decryption key for decrypting an encrypted content acquired from broadcast station 1006, the present invention is not limited to this. The decryption key may be delivered from broadcast station 1006 together with the encrypted content.

In this case, content acquisition unit 1015 receives the encrypted content and the decryption key from broadcast station 1006 via reception unit 1014.

(26) Although content acquisition unit 1015 shown in the above key delivery method variation decrypts an encrypted content acquired from broadcast station 1006, and encrypts the content again using a content key, the present invention is not limited to this. The encrypted content and the decryption key may be encrypted using the content key to generate encrypted content information, and the encrypted content information stored.

In the case of a content being duplicated to playback apparatus 1004 or recording medium 1002, an information ID and the encrypted content information are duplicated. When the content is used in playback apparatus 1004, the content key is received from content server 1001, the encrypted content information is decrypted using the received content key to generate the encrypted content and the decryption key, and the encrypted content is then decrypted using the decrypted key. Also, when the content recorded on recording medium 1002 is used in playback apparatus 1003, decryption of the encrypted content is conducted by the same operations.

(27) The present invention may be any combination of the key delivery method variation and the further variations.

4. AD Server Variation

In relation to content duplication, AD server 100 may manage management information for permitting duplication with respect to in-group apparatuses and management information for permitting duplication with respect to out-group apparatuses.

The following description relates to AD server 100 holding management information with respect to both in-group and out-group apparatuses.

Since group registration and withdrawal procedures between a playback apparatus and a home server are conducted by the procedures described above, a description is omitted here.

Below, the group formation/management system and the AD server are referred to respectively as a content duplication content management system and a home server.

4.1 Overview

Fig. 36 is a block diagram showing a structure of a content duplication content management system 2000.

A home server 2001, a playback apparatus 2002, and a playback apparatus 2003 are connected via a gateway (GW) 2005 and form a home network.

A recording medium 2004 is connected to playback apparatus 2003 by being inserted into an insertion opening in playback apparatus 2003.

Home server 2001, playback apparatus 2002, and playback apparatus 2003 communicate in the home network using TCP/IP.
GW 2005 conducts routing processing between the home network and an external network.

A playback apparatus 2006 and a broadcast station 2007 are connected to the external network.

Broadcast station 2007 conducts ground-wave digital broadcasting, and broadcasts programs to households using UHF waves.

Home server 2001 has a ground-wave digital broadcast reception function, and receives the broadcast content of broadcast station 2007, performs operations to change the broadcast content to a predetermined digital data format, and stores the digital data on a mass-storage hard disk as content.

Home server 2001 manages content duplication with respect to playback apparatus 2002, playback apparatus 2003, and playback apparatus 2006.

Playback apparatus 2002, playback apparatus 2003 and playback apparatus 2006 acquire content from home server 2001 when duplication permission relating to the content is received from home server 2001, and store and play the acquired content.

In the present variation, the range of the home network is designated as group 2010.

Restrictions applying to content duplication are relaxed in-group (i.e. within group 2010).

Home server 2001, playback apparatus 2002, playback apparatus 2003, GW 2005 and recording medium 2004 belong to group 2010.

Apparatuses belonging to the external network cannot be managed by a home network manager or a group 2010 manager.

When content is to be duplicated to apparatuses belonging to the external network, home server 2001 needs to apply stiffer restrictions than for duplication to apparatuses within group 2010.

Home server 2001 implements restrictions by the number of duplications permitted of a content.

Home server 2001 distinguishes between in-group and out-group (i.e. outside the range of the home network) in setting and managing the maximum number of permitted duplications.

Apparatuses and recording media belonging to group 2010 each hold group affiliation information, which is common information showing that the respective apparatus/medium belongs to group 2010.

Group affiliation information is formed from common secret information distributed to each apparatus/medium secretly, and a device list of devices structuring the group, the device list being issued by a third party known as a certification authority (CA).

4.2 Structure

4.2.1 Home Server 2001

Home server 2001 is specifically a DVD player or the like that has a network communication function and a hard disk having a mass-storage storage area.

Fig. 37 is a block diagram showing a structure of home server 2001.

A communication unit 2101 conducts TCP/IP communication with other apparatuses via a network.

A duplication-restriction information (DRI) management unit 2102 conducts controls pertaining to content duplication.

Figs. 38A and 38B show information held by DRI management unit 2102.

Fig. 38A shows duplication-restriction information held by DRI management unit 2102. Duplication-restriction information is information corresponded with content, and is formed from a content identifier (ID), an in-group apparatus remaining number, an in-group medium remaining number, an out-group apparatus remaining number, an out-group medium remaining number, and usage period information.

Duplication-restriction information is information relating to content acquired as a result of broadcasts from broadcast station 2007, and is acquired from broadcast station 2007 via a network, as compared with broadcasts transmitted from broadcast station 2007.

A content ID is allotted to each content, and uniquely identifies the respective content.

The in-group apparatus remaining number shows the remaining number of duplications of content identified by a content ID that can be made to an in-group apparatus.

When content is duplicated to an in-group apparatus, DRI management unit 2102 subtracts "1" from the in-group apparatus remaining number.

When an in-group apparatus deletes a duplicated content, DRI management unit 2102 adds "1" to the in-group apparatus remaining number.

The out-group apparatus remaining number shows the remaining number of duplications of content identified by a content ID that can be made to an out-group apparatus.

When a content is duplicated to an out-group apparatus, DRI management unit 2102 subtracts "1" from the in-group apparatus remaining number.

When an out-group apparatus deletes a duplicated content, DRI management unit 2102 adds "1" to the out-group apparatus remaining number.

The in-group medium remaining number shows the remaining number of duplications of content identified by a content ID that can be made to an in-group recording medium.

The out-group medium remaining number shows the remaining number of duplications of content identified by a content ID that can be made to an out-group recording medium.

For example, in the case of playback apparatus 2002 in group 2010 requesting server 2001 for content duplication, DRI management unit 2102 gives permission with respect to the request when the in-group apparatus remaining number is "1" or greater, and notifies a rejection with respect to the request when the in-group apparatus remaining number is "0".

When a content is duplicated from home server 2001 to playback apparatus 2002, DRI management unit 2102 subtracts "1" from the in-group apparatus remaining number.
Also, when playback apparatus 2002 notifies server 2001 of the deletion of a duplicated content, DRI management unit 2102 adds "1" to the in-group apparatus remaining number.

Usage period information is information showing a period during which usage of a content is possible.

Usage period information shows, for example, a specific date-time such as 30 June 2005.

When usage period information has been determined and a content duplicated, DRI management unit 2102 notifies the usage period information to a timer included in a time management unit 2105, and instructs time management unit 2105 to output an expiry date-time reached notification at the time shown in the usage period information.

When an expiry date-time reached notification is acquired from time management unit 2105, DRI management unit 2102 judges usage of the duplicated content to have ended, and adds "1" to the in-group apparatus remaining number.

Usage period management processing is described in a later section.

DRI management unit 2102 receives, by broadcast from an apparatus requesting content duplication (hereinafter "request apparatus"), a confirmation request that includes confirmation information identifying a content that the request apparatus has targeted for duplication.
When this broadcast is received, DRI management unit 2102 confirms, via communication unit 2101, whether duplication-restriction information that includes a content ID matching the confirmation information is being managed therein, and if judged in the affirmative, DRI management unit 2102 transmits a duplication permission notification showing "duplication permitted" to the transmission source of the broadcast (i.e. the request apparatus).

Also, when an ICMP (Internet Control Message Protocol) echo request message is received, DRI management unit 2102 transmits an ICMP echo reply message to the request apparatus.

DRI management unit 2102 receives a duplication request from the request apparatus that includes the confirmation information and attribute information showing "medium" or "apparatus", and transmits an authentication start instruction to an authentication unit 2103.

DRI management unit 2102 generates request management information based on the duplication request.

Request management information is formed from a processing classification showing "duplicate" or "delete", confirmation information identifying a content, the IP address of a request apparatus, in/out group information showing whether a request apparatus is in-group or out-group, attribute information showing whether a request apparatus is an apparatus or a recording medium, reservation information, and a next request pointer showing the location in which the next piece of request management information is held.

Reservation information shows a time at which to start duplication or deletion of a content.

Reservation information shows, for example, a specific date-time such as 30 June 2005.

DRI management unit 2102 acquires reservation information from the request apparatus together with a duplication reservation request.

Fig. 38B shows a request management queue for managing request management information.

In Fig. 38B is shown an example in which three pieces of request management information are joined together in the request management queue.

When a duplication request is received, DRI management unit 2102 writes the IP address of the request apparatus and the confirmation and attribute information included in the duplication request into a generated piece of request management information.

DRI management unit 2102 acquires in/out group information from authentication unit 2103, and writes the acquired in/out group information into the request management information.

Home server 2001 conducts corresponding processing in order, starting with a request shown by the request management information indicated by a request head pointer.

Once the corresponding processing has ended, DRI management unit 2102 rewrites the request head pointer to indicate the request management information shown by the next request pointer in the request management information currently processed.

Also, when a new request is acquired from another apparatus, DRI management unit 2102 newly creates request management information responding to the acquired request, and joins the newly created request management information to the end of the queue.

When the processing classification in the request management information shows "duplicate", DRI management unit 2102 selects a target remaining number for processing from the in-group and out-group apparatus/medium remaining numbers, based on a combination of the in/out group information and the attribute information included in the request management information.

For example, when the in/out group information shows "in-group" and the attribute information shows "apparatus", the target remaining number will be the in-group apparatus remaining number, and when the in/out group information shows "in-group" and the attribute information shows "medium", the target remaining number will be the in-group medium remaining number.

Next, DRI management unit 2102 investigates whether the target remaining number included in duplication-restriction information whose content ID matches the confirmation information in the request management information is "0".

If not "0", DRI management unit 2102 judges the content identified by the content ID to be duplicable, and if "0", DRI management unit 2102 judges the content to be unduplicable.

If judged to be duplicable, DRI management unit 2102 instructs an encryption/decryption unit 2104 to encrypt the content and transmit the encrypted content to the request apparatus.

Encryption/decryption unit 2104 encrypts the content and transmits the encrypted content to the request apparatus.

When the processing classification in the request management information shows "delete", DRI management unit 2102 selects a target remaining number for processing from the in-group and out-group apparatus/medium remaining numbers, based on a combination of the in/out group information and attribute information included in the request management information.

DRI management unit 2102 transmits a return processing start notification to the request apparatus.

Also, when a deletion-completed notification is received from the request apparatus, DRI management unit 2102 adds "1" to the target remaining number included in duplication-restriction information whose content ID matches the confirmation information in the request management information.

DRI management unit 2102 deletes the request management information from the queue head to update the request management queue.

Also, DRI management unit 2102 receives a transfer request for duplication-restriction information from a request apparatus.

DRI management unit 2102 conducts processing to transfer at least part of the managed duplication-restriction information to another apparatus.

Duplication-restriction information (DRI) transfer processing is described in a later section.
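As an added example that is not part of the patent text, the following Python model implements the duplicate/delete bookkeeping of DRI management unit 2102 described above: the Fig. 38A record with its four remaining numbers, the Fig. 38B request queue processed from the head, selection of the target remaining number from the (in/out group, attribute) combination, the "0" check, restoration on the deletion-completed notification, and the expiry date-time reached notification from time management unit 2105. All class and method names, the plain string standing in for group affiliation information, the integer epoch times, and the modelling of the deletion-completed notification as a separate call are assumptions of this example.

```python
"""Added example (not from the patent): DRI management unit 2102 bookkeeping."""
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class DuplicationRestrictionInfo:
    """Fig. 38A record: content ID, four remaining numbers, usage period."""
    content_id: str
    in_group_apparatus: int
    in_group_medium: int
    out_group_apparatus: int
    out_group_medium: int
    usage_period: Optional[int] = None   # expiry as epoch seconds; None = not set


@dataclass
class RequestManagementInfo:
    """Fig. 38B record; the next request pointer is the deque order here."""
    classification: str     # "duplicate" or "delete"
    confirmation: str       # content ID the request apparatus targets
    ip_address: str
    in_out_group: str       # "in-group" or "out-group" (from unit 2103)
    attribute: str          # "apparatus" or "medium"


# Target remaining number selected by (in/out group information, attribute).
TARGET_FIELD = {
    ("in-group", "apparatus"): "in_group_apparatus",
    ("in-group", "medium"): "in_group_medium",
    ("out-group", "apparatus"): "out_group_apparatus",
    ("out-group", "medium"): "out_group_medium",
}


class DRIManagementUnit:
    def __init__(self, records: List[DuplicationRestrictionInfo], group_affiliation: str):
        self.dri: Dict[str, DuplicationRestrictionInfo] = {r.content_id: r for r in records}
        self.group_affiliation = group_affiliation          # held by authentication unit 2103
        self.queue: Deque[RequestManagementInfo] = deque()  # leftmost = request head pointer
        self.pending_returns: List[Tuple[str, str]] = []    # (content_id, target field)

    def classify(self, presented_affiliation: str) -> str:
        """Authentication unit 2103's in/out group decision (simplified to a compare)."""
        return "in-group" if presented_affiliation == self.group_affiliation else "out-group"

    def enqueue(self, classification: str, confirmation: str, ip_address: str,
                presented_affiliation: str, attribute: str) -> None:
        """Create request management information and join it to the queue end."""
        self.queue.append(RequestManagementInfo(
            classification, confirmation, ip_address,
            self.classify(presented_affiliation), attribute))

    def process_head(self) -> str:
        """Process the request at the head pointer and advance the head."""
        req = self.queue.popleft()
        rec = self.dri.get(req.confirmation)
        if rec is None:
            return "unknown-content"
        fld = TARGET_FIELD[(req.in_out_group, req.attribute)]
        if req.classification == "duplicate":
            if getattr(rec, fld) == 0:
                return "unduplicable"
            setattr(rec, fld, getattr(rec, fld) - 1)   # encrypt-and-transmit step omitted
            return "duplicated"
        if req.classification == "delete":
            # Return processing start notification goes out; the remaining number
            # is restored only when the deletion-completed notification arrives.
            self.pending_returns.append((req.confirmation, fld))
            return "return-processing-started"
        return "unknown-classification"

    def deletion_completed(self, content_id: str) -> int:
        """Deletion-completed notification: add "1" to the target remaining number."""
        for i, (cid, fld) in enumerate(self.pending_returns):
            if cid == content_id:
                rec = self.dri[cid]
                setattr(rec, fld, getattr(rec, fld) + 1)
                del self.pending_returns[i]
                return getattr(rec, fld)
        raise KeyError(f"no return processing pending for {content_id}")

    def expiry_reached(self, content_id: str, now: int) -> bool:
        """Expiry date-time reached notification from unit 2105: usage is judged
        ended and "1" is added to the in-group apparatus remaining number."""
        rec = self.dri[content_id]
        if rec.usage_period is None or now < rec.usage_period:
            return False
        rec.in_group_apparatus += 1
        return True


def run_dri_demo() -> dict:
    """Constructed scenario: one content, in-group apparatus number 1, medium 2."""
    unit = DRIManagementUnit(
        [DuplicationRestrictionInfo("C-100", 1, 2, 0, 0, usage_period=1_000)],
        group_affiliation="group-2010-secret")               # constructed value
    unit.enqueue("duplicate", "C-100", "192.168.0.2", "group-2010-secret", "apparatus")
    unit.enqueue("duplicate", "C-100", "192.168.0.3", "group-2010-secret", "apparatus")
    unit.enqueue("duplicate", "C-100", "203.0.113.6", "other-secret", "apparatus")
    unit.enqueue("duplicate", "C-100", "192.168.0.3", "group-2010-secret", "medium")
    unit.enqueue("delete", "C-100", "192.168.0.2", "group-2010-secret", "apparatus")
    results = [unit.process_head() for _ in range(5)]
    after_delete = unit.deletion_completed("C-100")
    expired = unit.expiry_reached("C-100", now=1_000)
    rec = unit.dri["C-100"]
    return {"results": results, "after_delete": after_delete, "expired": expired,
            "numbers": (rec.in_group_apparatus, rec.in_group_medium,
                        rec.out_group_apparatus, rec.out_group_medium)}
```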

DRI management unit 2102 receives a duplication reservation request from a request apparatus via communication unit 2101.

A duplication reservation request includes specification information showing a content relating to the duplication reservation request, and reservation information showing a start time of content duplication.

When the duplication reservation request is received, DRI management unit 2102 judges whether a content ID matching the specification information included in the duplication reservation request is being held, and if judged to be held, unit 2102 holds the reservation information in correspondence with the content ID.

Also, DRI management unit 2102 notifies the reservation information to the timer included in time management unit 2105 and instructs time management unit 2105 to output a reservation-time reached notification at the time shown in the reservation information.

Reservation management processing is described in a later section.

Authentication unit 2103 receives an authentication start instruction from DRI management unit 2102, and executes mutual authentication and key sharing with the request apparatus.

Also, authentication unit 2103 holds group affiliation information showing that home server 2001 belongs to group 2010.
Group affiliation information is, the same as above, formed from common secret information distributed to each apparatus/recording medium secretly, and a device list of devices structuring the group, the device list being issued by a third party known as a CA.

Mutual authentication and key sharing are described in a later section.

When the mutual authentication and key sharing are successful, authentication unit 2103 and the request apparatus share session keys, which are the same key.

Authentication unit 2103 holds the session key, and also notifies the session key to encryption/decryption unit 2104.

Authentication unit 2103 receives group affiliation information from the request apparatus.

Authentication unit 2103 judges whether the received group affiliation information matches the held group affiliation information, and notifies in/out group information to DRI management unit 2102 showing "in-group" if judged to match and "out-group" if judged to not match.

Encryption/decryption unit 2104 acquires the session key from authentication unit 2103, in the case of the mutual authentication and the key sharing conducted by authentication unit 2103 being successful.

Encryption/decryption unit 2104 conducts encryption of data to be transmitted to the request apparatus, and decryption of data received from the request apparatus, using the session key, in the case of the mutual authentication and the key sharing being successful.

Time management unit 2105 includes a clock and a timer.

The clock, for example, counts up in 1-second increments, and is constituted by a counter that shows the seconds counted from 00:00:00, 1 January 1970.

A timer notification request time is set in the timer by a notification request source.

The timer sends a notification to the notification request source showing that the set time has been reached, when the clock indicates the time shown by the timer notification request time.

A ground-wave digital broadcast (GDB) reception unit 2106 receives programs from broadcast station 2007.

GDB reception unit 2106 acquires video information, audio information, data broadcast information, control information required in content playback that includes a content ID, and other information, by conducting demodulation, demultiplexing, decryption and the like using a specified method, with respect to received broadcast signals.

GDB reception unit 2106 converts the video information, audio information, and data broadcast information to a predetermined digital data format (e.g. TS packets), and outputs the digital data to a storage unit 2107 as content.

Storage unit 2107 stores content received from GDB reception unit 2106 in correspondence with content IDs.

Storage unit 2107 is tamper-resistant, and information held therein cannot be accessed from sources external to home server 2101.

4.2.2 Playback Apparatus 2002 

Playback apparatus 2002 is specifically a DVD player 
or the like that has a network communication function and 
a hard disk having a mass-storage area. 

Fig. 39 is a block diagram showing a structure of 
playback apparatus 2002. 

A communication unit 2201 conducts TCP/IP 
communication with other apparatuses via a network. 

A duplication restriction information (DRI) management 
unit 2202 manages content duplication. 

Since the operations of DRI management unit 2202 are 
substantially the same as DRI management unit 2102, the 
following description relates to the differences. 
DRI management unit 2202 transmits, to a content 
duplication source, a duplication request that includes 
confirmation information identifying a content targeted for 
duplication and attribute information showing "medium" or 
"apparatus". 

The attribute information is information showing 
"apparatus" when the transmission source is an apparatus such 
as playback apparatus 2002, and "medium" when the 
transmission source is a recording medium such as recording 
medium 2004. 

As such, attribute information transmitted by playback 
apparatus 2002 shows "apparatus". 

Duplication restriction information is managed by a 
server that conducts content distribution. 

Playback apparatus 2002 possesses rights to distribute 
content, as a result of receiving transfer of rights 
permitting duplication from home server 2001, which 
possesses rights permitting content duplication. 

DRI management unit 2202 acquires, from home server 
2001, a content ID, the in-group apparatus remaining number, 
the out-group apparatus remaining number, the in-group 
medium remaining number, the out-group medium remaining 
number, and usage period information, and holds the received 
information as duplication-restriction information. 
DRI management unit 2202 is structured the same as DRI 
management unit 2102. 

Here, playback apparatus 2002 is not required to hold 
a content corresponding to the acquired content ID, 
and another apparatus may hold the content corresponding to 
the content ID. 

In this case, DRI management unit 2202, when a 
duplication request for the content is received from another 
apparatus and duplication of the content is permitted, 
instructs an apparatus holding the content to transmit the 
content to the apparatus that made the duplication request. 

Also, in-group and out-group apparatus/medium 
remaining numbers acquired from home server 2001 may be only 
part, rather than all, of the corresponding remaining numbers 
held by home server 2001. 

For example, home server 2001 may, when holding a value 
of "10" as the in-group apparatus remaining number, only 
transfer a value of "5" as the in-group apparatus remaining 
number. 

In this case, playback apparatus 2002 possesses rights 
that permit up to five duplications of the content, with 
respect to in-group apparatuses. 

Also, playback apparatus 2002 may return all or part 
of the duplication-restriction information acquired from 
home server 2001. 

For example, playback apparatus 2002 may only return 
a value of "2" to home server 2001 as the in-group apparatus 
remaining number. 

The transfer and return of duplication-restriction 
information are described in a later section. 

An authentication unit 2203 executes mutual 
authentication and key sharing with an apparatus for 
authenticating (hereinafter "authentication apparatus"). 

Authentication unit 2203 holds group affiliation 
information showing that playback apparatus 2002 belongs to 
group 2010. 

Mutual authentication and key sharing are described in 
a later section. 

When the mutual authentication and the key sharing are 
successful, authentication unit 2203 and the authentication 
apparatus share session keys, which are the same key. 

Authentication unit 2203 holds the session key, and 
also notifies the session key to an encryption/decryption 
unit 2204. 

Encryption/decryption unit 2204 acquires the session 
key from authentication unit 2203, in the case of the mutual 
authentication and the key sharing conducted by 
authentication unit 2203 being successful. 
Encryption/decryption unit 2204 conducts encryption of 
data to be transmitted to the authentication apparatus, and 
decryption of data received from the authentication 
apparatus, using the session key, in the case of the mutual 
authentication and the key sharing being successful. 

A time management unit 2205 includes a clock and a 
timer. 

The clock, for example, counts up in 1-second 
increments, and is constituted by a counter that shows the 
seconds counted from 00:00:00, 1 January 1970. 

A timer notification request time is set in the timer 
by a notification request source. 

The timer sends a notification to the notification 
request source showing that the set time has been reached, 
when the clock indicates the time shown by the timer 
notification request time. 

A content distribution source (CDS) determining unit 
2206 determines, from servers and/or apparatuses that have 
received transfer of content duplication rights, a 
distribution-source apparatus from which to receive content 
duplication permission. 

CDS determining unit 2206 broadcasts, over a network, 
a confirmation request that includes confirmation 
information showing a content targeted for 
duplication. 

CDS determining unit 2206 transmits an ICMP echo 
request message to apparatuses that respond to the 
confirmation request in the order in which the replies are 
received, and measures the round-trip time, which is the time 
period from transmission of the ICMP echo request message 
until reception of an ICMP echo reply message. 

CDS determining unit 2206 determines the apparatus with 
the shortest round-trip time as the distribution source 
apparatus, and notifies the determined distribution source 
apparatus to DRI management unit 2202. 

A storage unit 2207 holds content. 

A playback unit 2208 plays content held by 
storage unit 2207 or content received by 
communication unit 2201. 

4.2.3 Playback Apparatus 2003 

Playback apparatus 2003 is specifically an SD player 
that has a network communication function. 

Fig. 40 is a block diagram showing a structure of 
playback apparatus 2003 and internal IC portable recording 
medium 2004. 

A communication unit 2301 conducts TCP/IP 
communication with other apparatuses via a network. 

An input/output (IO) unit 2303 is connected to and 
communicates with recording medium 2004. 

A playback unit 2302 plays content read from 
recording medium 2004. 


4.2.4 Recording Medium 2004 

Recording medium 2004 is specifically an SD card that 
is tamper-resistant and has an internal IC. 

An input/output (IO) unit 2311 communicates with 
playback apparatus 2003. 

Recording medium 2004 communicates with other 
apparatuses via playback apparatus 2003. 

The description of a content distribution source (CDS) 
determining unit 2312 is the same as the description of CDS 
determining unit 2206. 

CDS determining unit 2312 transmits a duplication 
request that includes confirmation information and attribute 
information to the apparatus determined as the distribution 
source apparatus. 

An authentication unit 2313 communicates with an 
apparatus for authenticating (hereinafter "authentication 
apparatus") via playback apparatus 2003 and a network, and 
executes mutual authentication and key sharing with the 
authentication apparatus. 

Authentication unit 2313 holds group affiliation 
information showing that recording medium 2004 belongs to 
group 2010. 

Mutual authentication and key sharing are described in 
a later section. 

When the mutual authentication and key sharing are 
successful, authentication unit 2313 and the authentication 
apparatus share session keys, which are the same key. 

Authentication unit 2313 holds the session key, and 
also notifies the session key to an encryption/decryption 
unit 2314. 

Encryption/decryption unit 2314 acquires the session 
key from authentication unit 2313, in the case of the mutual 
authentication and the key sharing conducted by 
authentication unit 2313 being successful. 

Encryption/decryption unit 2314 conducts encryption of 
data to be transmitted to the authentication apparatus, and 
decryption of data received from the authentication 
apparatus, using the session key, in the case of the mutual 
authentication and the key sharing being successful. 

A storage unit 2315 holds content. 

4.2.5 Playback Apparatus 2006 

Playback apparatus 2006 is specifically a DVD player 
or the like that has a network communication function and 
a hard disk having a mass-storage area. 

Fig. 41 is a block diagram showing a structure of 
playback apparatus 2006. 

A communication unit 2401 conducts TCP/IP 
communication with other apparatuses via a network. 

An authentication unit 2402 executes mutual 
authentication and key sharing with a server holding 
content. 

Authentication unit 2402, however, does not hold group 
affiliation information, and so playback apparatus 2006 is 
judged in home server 2001 to be an out-group apparatus. 

Mutual authentication and key sharing are described in 
a later section. 

When the mutual authentication and the key sharing are 
successful, authentication unit 2402 and the server share 
session keys, which are the same key. 

Authentication unit 2402 holds the session key and also 
notifies the session key to an encryption/decryption unit 
2403. 

Encryption/decryption unit 2403 acquires the session 
key from authentication unit 2402, in the case of the mutual 
authentication and the key sharing conducted by 
authentication unit 2402 being successful. 
Encryption/decryption unit 2403 conducts encryption of 
data to be transmitted to the server, and decryption of data 
received from the server, using the session key, in the case 
of the mutual authentication and the key sharing being 
successful. 

A storage unit 2404 holds content. 

4.3 Operations 

4.3.1 Duplication-Source Determination Processing 

A request apparatus determines, from apparatuses 
connected to a network, a delivery apparatus as the content 
duplication source. 

Fig. 42 is a flowchart showing duplication-source 
determination processing. 

In the given example, the request apparatus, the 
delivery apparatus, and the other apparatus are playback 
apparatus 2002, home server 2001, and playback apparatus 2003, 
respectively. 

The "delivery apparatus" is the apparatus selected from 
among possible delivery apparatuses as the duplication 
source, as a result of duplication-source determination 
processing. 

The "other apparatus" is the apparatus not selected 
from among possible delivery apparatuses as the duplication 
source, as a result of the duplication-source determination 
processing. 

The "request apparatus" is the apparatus that requests 
content duplication, and thus if playback apparatus 2003 
makes a content duplication request, playback apparatus 2003 
is the request apparatus. 

The request apparatus determines which apparatus to 
request for duplication of a content targeted for 
duplication (i.e. shown by the confirmation information). 

Specifically, the request apparatus broadcast 
transmits a confirmation request over a network, with the 
aim of acquiring a response from apparatuses holding the 
targeted content (S2001). 

The confirmation request includes confirmation 
information identifying the content targeted by the request 
apparatus for duplication. 

The delivery apparatus and the other apparatus receive 
the confirmation request. 

The delivery apparatus confirms whether a content ID 
matching the confirmation information in the confirmation 
request is being managed therein (S2002). 

The other apparatus confirms whether a content ID 
matching the confirmation information in the confirmation 
request is being managed therein (S2003). 
The delivery apparatus, when managing a matching 
content ID (S2002 = YES), transmits a duplication permission 
notification to the request apparatus showing "duplication 
permitted" (S2004). 

The delivery apparatus, when not managing a matching 
content ID (S2002 = NO), ends the processing. 

The other apparatus, when managing a matching content 
ID (S2003 = YES), transmits a duplication permission 
notification to the request apparatus showing "duplication 
permitted" (S2005). 

The other apparatus, when not managing a matching 
content ID (S2003 = NO), ends the processing. 

The request apparatus confirms the content of received 
duplication permission notifications, and holds a 
transmission source IP address of apparatuses that 
transmitted a duplication permission notification showing 
"duplication permitted" (S2006). 

The request apparatus transmits an ICMP echo request 
message to apparatuses having the held IP addresses, and 
measures the round-trip time from the transmission time until 
receipt of an ICMP echo reply message. 

The request apparatus transmits an ICMP echo request 
message to the delivery apparatus (S2007). 

The delivery apparatus receives the ICMP echo request 
message and in response transmits an ICMP echo reply message 
to the request apparatus (S2008). 

The request apparatus receives the ICMP echo reply 
message from the delivery apparatus and holds the measured 
round-trip time. 

The request apparatus transmits an ICMP echo request 
message to the other apparatus (S2009). 

The other apparatus receives the ICMP echo request 
message and in response transmits an ICMP echo reply message 
to the request apparatus (S2010). 

The request apparatus receives the ICMP echo reply 
message from the other apparatus, and holds the measured 
round-trip time. 

The request apparatus selects the apparatus having the 
shortest round-trip time as the duplication-source apparatus, 
and holds the IP address of the selected apparatus (S2011). 

4.3.2 Mutual Authentication and Key Sharing 

Figs. 43 and 44 are flowcharts showing mutual device 
authentication and key sharing operations conducted between 
a delivery apparatus and a request apparatus. 

In the given example, playback apparatus 2002 selects 
home server 2001 as the duplication source, as a result of 
the duplication-source determination processing shown in 
Fig. 42. 

As such, the following description relates to an 
example in which the delivery apparatus is home server 2001 
and the request apparatus is playback apparatus 2002. 

Authentication unit 2103 in home server 2001 prestores 
a public key PK-CA of a certification authority (CA), a secret 
key SK-A and a public key certificate Cert-A, and has an 
encryption unit based on an elliptic curve E. 

Also, authentication unit 2203 in playback apparatus 
2002 prestores a public key PK-CA of the CA, a secret key 
SK-i and a public key certificate Cert-i, and has an 
encryption unit based on elliptic curve E. 

Also, Sig(SK, D) is an operation in which a digital 
signature is performed on data D using a secret key SK. 

Also, "G" is a base point on elliptic curve E, and is 
a value unique to the present authentication system. 

Also, "*" is an operator showing multiplication over 
elliptic curve E. 

For example, "x * G" is an operation in which point 
G on elliptic curve E is added together x times. 

"||" is an operator showing a concatenation operation, 
and "A || B" for example results from "A" and "B" being 
concatenated. 

Below, "authentication unit 2103 outputs information 
to authentication unit 2203", "authentication unit 2203 
outputs information to authentication unit 2103" and so forth 
are abbreviated sentences whose expanded meanings are 
respectively, "authentication unit 2103 outputs information 
to authentication unit 2203 via communication unit 2101 and 
communication unit 2201", "authentication unit 2203 
outputs information to authentication unit 2103 via communication 
unit 2201 and communication unit 2101". 

Authentication unit 2203 generates a random number y 
(S2101), and outputs the generated random number y and public 
key certificate Cert-i to authentication unit 2103 (S2102). 

Authentication unit 2103 receives random number y and 
public key certificate Cert-i (S2102), and confirms that 
public key certificate Cert-i of playback apparatus 2002 is 
not revoked, using a CRL (S2103). 

If revoked (S2104 = NO), authentication unit 2103 ends 
the processing. 

If not revoked (S2104 = YES), authentication unit 2103 
verifies public key certificate Cert-i using public key PK-CA 
(S2105). 

If verification fails (S2106 = NO), authentication unit 
2103 ends the processing. 

If verification succeeds (S2106 = YES), authentication 
unit 2103 generates a random number x (S2107), and outputs 
the generated random number x and public key certificate 
Cert-A to authentication unit 2203 (S2108). 

Authentication unit 2203 receives random number x and 
public key certificate Cert-A from authentication unit 2103 
(S2108). 

Next, authentication unit 2203 confirms that public key 
certificate Cert-A of home server 2001 is not revoked, using 
the CRL (S2109). 

If revoked (S2110 = NO), authentication unit 2203 ends 
the processing. 

If not revoked (S2110 = YES), authentication unit 2203 
verifies public key certificate Cert-A using public key PK-CA 
(S2111). 

If verification fails (S2112 = NO), authentication unit 
2203 ends the processing. 

If verification succeeds (S2112 = YES), authentication 
unit 2203 generates a random number y' (S2113), and signature 
data S1 = Sig(SK-i, (y' * G) || x) (S2114), and outputs y' 
* G and S1 to authentication unit 2103 (S2115). 

Authentication unit 2103 receives y' * G and S1 from 
authentication unit 2203 (S2115). 

Authentication unit 2103 verifies S1 (S2116). 

If verification fails (S2117 = NO), authentication unit 
2103 ends the processing. 

If verification succeeds (S2117 = YES), authentication 
unit 2103 generates a random number x' (S2118) and signature 
data S0 = Sig(SK-i, (x' * G) || x) (S2119), and outputs 
x' * G and S0 to authentication unit 2203 (S2120). 

Authentication unit 2203 receives x' * G and S0 from 
authentication unit 2103 (S2120), and verifies S0 (S2121). 

If verification fails (S2122 = NO), authentication unit 
2203 ends the processing. 

If verification succeeds (S2122 = YES), authentication 
unit 2203 calculates a session key K' = y' * (x' * G) (S2124). 

On the other hand, authentication unit 2103 calculates 
a session key K = x' * (y' * G) (S2123). 

In this way, mutual device authentication and key 
sharing are conducted between home server 2001 and playback 
apparatus 2002. 

Session keys K and K' are keys having the same value 
shared in home server 2001 and playback apparatus 2002. 
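As an added worked example (not code from the patent), the exchange of steps S2101 to S2124 is run end to end by both authentication units in one process, CRL and certificate checks included, to show why K and K' come out equal. It assumes that elliptic curve E is secp256k1, that Sig() is ECDSA over SHA-256, that a certificate is a (name, public key, CA signature) record checked against a CRL of revoked names, and that S0 is signed with the home server's own key SK-A over (x' * G) || y so that each side signs the other's fresh challenge; the page writes SK-i and x at that step.

```python
# Added example (not the patent's code) of the Figs. 43/44 exchange between
# authentication unit 2203 (playback apparatus 2002, SK-i/Cert-i) and
# authentication unit 2103 (home server 2001, SK-A/Cert-A). Assumptions not on
# the page: E is secp256k1, Sig() is ECDSA over SHA-256, a certificate is
# (name, public key, CA signature), the CRL is a set of revoked names, and S0
# is signed with SK-A over (x' * G) || y.
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Point addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """The page's 'k * point': point added to itself k times (double-and-add)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def rand_scalar():
    return secrets.randbelow(N - 1) + 1


def to_bytes(point):
    """Fixed-width encoding so that '||' concatenation is unambiguous."""
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")


def sig(sk, data):
    """Sig(SK, D): ECDSA signature on data D with secret key SK."""
    e = int.from_bytes(hashlib.sha256(data).digest(), "big") % N
    while True:
        k = rand_scalar()
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * sk) % N
        if r and s:
            return r, s


def verify(pk, data, signature):
    r, s = signature
    if not (0 < r < N and 0 < s < N):
        return False
    e = int.from_bytes(hashlib.sha256(data).digest(), "big") % N
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pk))
    return pt is not None and pt[0] % N == r


def issue_cert(sk_ca, name, pk):
    return {"name": name, "pk": pk, "sig": sig(sk_ca, name.encode() + to_bytes(pk))}


def cert_ok(cert, pk_ca, crl):
    """S2103-S2106 and S2109-S2112: not on the CRL, then valid under PK-CA."""
    if cert["name"] in crl:
        return False
    return verify(pk_ca, cert["name"].encode() + to_bytes(cert["pk"]), cert["sig"])


def mutual_auth(sk_a, cert_a, sk_i, cert_i, pk_ca, crl):
    """Runs both units in one process; returns (K, K') or None on any abort."""
    y = rand_scalar()                               # S2101: unit 2203 picks y
    if not cert_ok(cert_i, pk_ca, crl):             # S2102-S2106: unit 2103 checks Cert-i
        return None
    x = rand_scalar()                               # S2107: unit 2103 picks x
    if not cert_ok(cert_a, pk_ca, crl):             # S2108-S2112: unit 2203 checks Cert-A
        return None
    y2 = rand_scalar()                              # S2113: y'
    y2g = ec_mul(y2, G)
    s1 = sig(sk_i, to_bytes(y2g) + x.to_bytes(32, "big"))  # S2114: S1 = Sig(SK-i, (y'*G)||x)
    if not verify(cert_i["pk"], to_bytes(y2g) + x.to_bytes(32, "big"), s1):
        return None                                 # S2116/S2117: unit 2103 verifies S1
    x2 = rand_scalar()                              # S2118: x'
    x2g = ec_mul(x2, G)
    s0 = sig(sk_a, to_bytes(x2g) + y.to_bytes(32, "big"))  # S2119: S0 (assumed: SK-A, ||y)
    if not verify(cert_a["pk"], to_bytes(x2g) + y.to_bytes(32, "big"), s0):
        return None                                 # S2121/S2122: unit 2203 verifies S0
    return ec_mul(x2, y2g), ec_mul(y2, x2g)         # S2123: K = x'*(y'*G); S2124: K' = y'*(x'*G)
```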

4.3.3 Duplication Processing 

Fig. 42 is a flowchart showing duplication processing. 

The following description relates to an example in 
which the request apparatus, the delivery apparatus and the 
other apparatus in Fig. 42 are playback apparatus 2002, home 
server 2001, and playback apparatus 2003, respectively. 

The delivery apparatus, the request apparatus, and the 
other apparatus conduct the duplication-source 
determination processing shown in Fig. 42 (S2201). 

In the given example, the request apparatus selects 
home server 2001 as the delivery apparatus (i.e. duplication 
source), as a result of the duplication-source determination 
processing. 

The request apparatus transmits a duplication request 
that includes confirmation information identifying a 
content targeted for duplication and attribute 
information showing "apparatus" or "medium" to the delivery 
apparatus (S2202). 

The delivery apparatus receives the duplication 
request, and holds the received duplication request together 
with the IP address of the request apparatus. 

The delivery apparatus and the request apparatus 
conduct the mutual authentication and key sharing shown 
in Figs. 43 and 44 (S2203). 

The delivery apparatus and request apparatus share 
session keys as a result of the step S2203 processing. 

After completion of the session key sharing, 
communication between the delivery apparatus and the request 
apparatus is encrypted/decrypted using the session keys. 

The request apparatus transmits group affiliation 
information to the delivery apparatus (S2204). 

The delivery apparatus judges whether the received group 
affiliation information matches group affiliation 
information held by authentication unit 2103 (S2205). 

When the mutual authentication and key sharing at step 
S2203 are successful, the delivery apparatus generates 
request management information based on the held duplication 
request and IP address, and the step S2205 judgment result, 
and adds the generated request management information to the 
management request queue (S2206). 

The delivery apparatus waits for the request management 
information added at step S2206 to be at the head of the queue 
(S2207). 

When the request management information is at the head 
of the queue, the delivery apparatus restarts the duplication 
processing based on the request management information. 

The delivery apparatus selects a target remaining 
number based on the attribute information and in/out group 
information included in the request management information, 
and judges whether the target remaining number is "0" 
(S2208). 

The target remaining number is one selected from the 
in-group and out-group apparatus/medium remaining numbers. 

When the in/out group information shows "in-group" and 
the attribute information shows "apparatus", the target 
remaining number will be the in-group apparatus remaining 
number. 

Likewise, when the in/out group information shows 
"out-group" and the attribute information shows "apparatus", 
the target remaining number will be the out-group apparatus 
remaining number. 

When the in/out group information shows "in-group" and 
the attribute information shows "medium", the target 
remaining number will be the in-group medium remaining 
number. 

When the in/out group information shows "out-group" and 
the attribute information shows "medium", the target 
remaining number will be the out-group medium remaining 
number. 

When the target remaining number is "0" (S2208 = YES), 
the delivery apparatus transmits a duplication permission 
notification to the request apparatus showing "duplication 
not permitted" (S2209). 
The request apparatus judges whether a duplication 
permission notification showing "duplication not permitted" 
has been received from the delivery apparatus (S2210). 

When judged that such a duplication permission 
notification has been received (S2210 = YES), the request 
apparatus ends the processing. 

When the target remaining number is not "0" (S2208 = 
NO), the delivery apparatus encrypts the content using the 
session key (S2211), and transmits the encrypted content to 
the request apparatus (S2212). 

The request apparatus decrypts the encrypted content 
received from the delivery apparatus using the session key, 
and holds the decrypted content in storage unit 2207 (S2213). 

The request apparatus transmits a 
duplication-completed notification to the delivery 
apparatus (S2214). 

The delivery apparatus receives the 
duplication-completed notification from the request 
apparatus and subtracts "1" from the target remaining number 
(S2215). 

The delivery apparatus deletes the request management 
information at the head of the request management queue to 
update the request management queue (S2216). 

4.3.4 Duplication-Restriction Information (DRI) Transfer 
Processing 

Another apparatus is able to possess rights permitting 
the duplication of the content as a result of the delivery 
apparatus transferring DRI information managed therein. 

Fig. 46 is a flowchart showing DRI transfer processing. 
In the given example, the request apparatus, the 
delivery apparatus, and the other apparatus are playback 
apparatus 2002, home server 2001, and playback apparatus 2003, 
respectively. 

When a plurality of possible transfer-source 
apparatuses is operational over a network, the request 
apparatus firstly determines which one of these apparatuses 
to request for transfer. 

The request apparatus broadcast transmits, over the 
network, a duplication number transfer request that includes 
confirmation information identifying a targeted content and 
a duplication request number relating to transfer (S2301). 

The duplication request number is an 8-digit number, 
and in the given example, from the head, the first 2 digits 
are the in-group apparatus remaining number, digits 3 and 
4 are the out-group apparatus remaining number, digits 5 and 
6 are the in-group medium remaining number, and digits 7 and 
8 are the out-group medium remaining number. 

For example, if the in-group apparatus remaining number 
is "80", the out-group apparatus remaining number is "2", 
the in-group medium remaining number is "50", and the 
out-group medium remaining number is "3", the duplication 
request number will be "80025003". 

When the delivery apparatus manages the content 
identified by the broadcasted confirmation information, and 
also holds the in-group and out-group apparatus/medium 
remaining numbers included in the duplication request number, 
the delivery apparatus judges the content to be transferable, 
and judges the content to be untransferable in any other case 
(S2302). 

When judged to be untransferable (S2302 = NO), the 
delivery apparatus ends the processing. 

Likewise, when the other apparatus manages the content 
identified by the broadcasted confirmation information, and 
also holds the in-group and out-group apparatus/medium 
remaining numbers included in the duplication request number, 
the other apparatus judges the content to be transferable, 
and judges the content to be untransferable in any other case 
(S2303). 

When judged to be untransferable (S2303 = NO), the other 
apparatus ends the processing. 

The delivery apparatus, when judged to be transferable 
(S2302 = YES), transmits a transfer permission notification 
to the request apparatus showing "transfer permitted" 
(S2304). 

The other apparatus, when judged to be transferable 
(S2303 = YES), transmits a transfer permission notification 
to the request apparatus showing "transfer permitted" 
(S2305). 

The request apparatus confirms the content of received 
transfer permission notifications, and holds the 
transmission-source IP address of apparatuses that 
transmitted a transfer permission notification showing 
"transfer permitted" (S2306). 

The request apparatus transmits an ICMP echo request 
message to the apparatuses whose IP address is being held, 
and measures the round-trip response times from the 
transmission time until receipt of the ICMP echo reply 
messages. 

The request apparatus transmits an ICMP echo request 
message to the delivery apparatus (S2307). 

The delivery apparatus receives the ICMP echo request 
message, and transmits an ICMP echo reply message to the 
request apparatus as a response (S2308). 

The request apparatus receives the ICMP echo reply 
message, and calculates the round-trip time. 

The request apparatus transmits an ICMP echo request 
message to the other apparatus (S2309). 

The other apparatus receives the ICMP echo request 
message, and transmits an ICMP echo reply message to the 
request apparatus as a response (S2310). 

The request apparatus receives the ICMP echo reply 
message, and calculates the round-trip time. 

The request apparatus selects the apparatus having the 
shortest round-trip time as the transfer-source apparatus 
(S2311). 

The request apparatus holds the IP address of the 
transfer-source apparatus. 

In the given example, the request apparatus selects the 
delivery apparatus as the transfer-source apparatus. 

The request apparatus and the delivery apparatus 
conduct the mutual authentication and key sharing shown in 
Figs. 43 and 44 (S2312). 

The delivery apparatus and the request apparatus share 
session keys as a result of the S2312 processing. 

After completion of the session key sharing, 
communication between the delivery apparatus and the request 
apparatus is encrypted/decrypted using the session keys. 

The request apparatus transmits group affiliation 
information and the duplication request number to the 
delivery apparatus (S2313) . 

The delivery apparatus confirms whether the received 
group affiliation information matches group affiliation 
information held by authentication unit 2103, and judges the 
delivery apparatus to be in- group if matched and out -group 
if not matched (S2314) . 
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When judged to be in-group (S2314 = YES) , the delivery- 
apparatus subtracts the remaining numbers shown by the 
duplication request number from the in-group and out-group 
apparatus/medium remaining numbers, respectively (S2315) . 
5 For example, if the in-group apparatus remaining number 

held by the delivery apparatus is "99", the out-group 
apparatus remaining number is "10", the in-group medium 
remaining number is "99" , and the out -group medium remaining 
number is "10", and the duplication request number is 

10 "30051001", the delivery apparatus will hold, after the 
execution of step S2315, "69" as the in-group apparatus 
remaining number, "5" as the out-group apparatus remaining 
number, "89" as the in-group medium remaining number, and 
"9" as the out-group medium remaining number. 

15 The delivery apparatus sets a transfer duplication 

number to "30051001". 

When the request apparatus is judged to be out-group 
(S2314 = NO) , the delivery apparatus sets the transfer 
duplication number to "0" . 

20 The delivery apparatus transmits a transfer permitted 

notification that includes the transfer duplication number 
and usage period information held by the delivery apparatus 
(S2316) . 

The request apparatus judges whether the received 
transfer duplication number is "0" (S2317). 

When judged to be "0" (S2317 = YES), the request 
apparatus ends the processing. 

When judged to not be "0" (S2317 = NO), DRI management 
unit 2202 in the request apparatus sets the confirmation 
information as a content ID, and holds, as 
duplication-restriction information, the content ID, the 
transfer duplication number and the usage period information 
in correspondence with each other (S2318). 
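The following is an added example, not code from the specification, that works through the S2313 to S2318 bookkeeping in Python. It assumes the eight-digit duplication request number is four two-digit fields in the order in-group apparatus, out-group apparatus, in-group medium, out-group medium (consistent with the "30051001" example, though the text never states a layout), and it adds one check the text does not mention: a request that would drive any remaining number below zero is refused as a whole, so a partially granted transfer can never leave the delivery apparatus with a negative count.

```python
"""Added example: remaining-number bookkeeping for steps S2313-S2318."""
from dataclasses import dataclass

# Assumed field layout of the 8-digit duplication request number, two
# digits each, in the order the text subtracts them.
FIELDS = ("in_app", "out_app", "in_med", "out_med")


@dataclass
class RemainingNumbers:
    """The four remaining numbers held by the delivery apparatus."""
    in_app: int
    out_app: int
    in_med: int
    out_med: int

    def as_dict(self):
        return {f: getattr(self, f) for f in FIELDS}


def parse_request_number(number):
    """Split e.g. "30051001" into {"in_app": 30, "out_app": 5, ...}."""
    if len(number) != 8 or not number.isdigit():
        raise ValueError("duplication request number must be 8 decimal digits")
    return {f: int(number[2 * i:2 * i + 2]) for i, f in enumerate(FIELDS)}


def handle_duplication_request(remaining, held_group, received_group, request_number):
    """Delivery-apparatus side, S2314-S2316.

    Returns the transfer duplication number: "0" for an out-group requester
    or for a request that cannot be honoured, otherwise the request number
    itself, in which case `remaining` has been decremented (S2315).
    """
    if received_group != held_group:              # S2314 = NO: out-group
        return "0"
    requested = parse_request_number(request_number)
    # Underflow check (assumption, not in the text): refuse the whole
    # request rather than let any remaining number go negative.
    if any(requested[f] > getattr(remaining, f) for f in FIELDS):
        return "0"
    for f in FIELDS:                              # S2315
        setattr(remaining, f, getattr(remaining, f) - requested[f])
    return request_number                         # S2316 transfer duplication number


def record_transfer(content_id, transfer_number, usage_period):
    """Request-apparatus side, S2317-S2318.

    A "0" transfer number ends processing (returns None); otherwise the
    duplication-restriction information is held keyed by content ID.
    """
    if transfer_number == "0":
        return None
    return {
        "content_id": content_id,
        "transfer_duplication_number": transfer_number,
        "usage_period": usage_period,
        "fields": parse_request_number(transfer_number),
    }


if __name__ == "__main__":
    # Constructed values reproducing the example in the text.
    rem = RemainingNumbers(99, 10, 99, 10)
    t = handle_duplication_request(rem, "group-A", "group-A", "30051001")
    print(t, rem.as_dict())          # 30051001 {'in_app': 69, 'out_app': 5, 'in_med': 89, 'out_med': 9}
    print(record_transfer("content-42", t, "2003-12-31T23:59"))
```

The out-group branch and the refused-underflow branch both return "0" without touching the counters, so the request apparatus sees the same "end processing" signal (S2317 = YES) in either case.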

4.3.5 Usage Period Management Processing 

The following description relates to processing when 
a delivery apparatus duplicates a content having a 
predetermined usage expiry date-time to a request apparatus. 

When the clocks included in the delivery apparatus and 
the request apparatus reach the time shown by the usage expiry 
date-time, the request apparatus deletes the content, and 
the delivery apparatus conducts processing to increase the 
remaining number of permitted duplications corresponding to 
the deleted content. 

Fig. 47 is a flowchart showing usage period management 
processing to manage content whose usage expiry 
date-time has been determined. 

In the given example, the delivery apparatus and 
request apparatus in Fig. 47 are home server 2001 and playback 
apparatus 2002, respectively. 

Content duplication as shown in Fig. 45 is conducted 
between the delivery apparatus and the request apparatus 
(S2401). 

In the given example, the delivery apparatus transmits 
usage period information to the request apparatus at a time 
of transmitting the content to the request apparatus at step 
2212 . 

The request apparatus holds the received usage period 
information. 

The delivery apparatus instructs time management unit 
2105 to output a notification when the clock in time 
management unit 2105 shows the usage expiry date-time in the 
usage period information (S2402). 

When there is a notification from time management unit 
2105 (S2402 = YES), the delivery apparatus adds "1" to the 
remaining number corresponding to the request apparatus 
(S2403). 

For example, when the request apparatus is an in-group 
apparatus, the delivery apparatus adds "1" to the in-group 
apparatus remaining number in the duplication-restriction 
information, and when the request apparatus is an out-group 
apparatus, the delivery apparatus adds "1" to the out-group 
apparatus remaining number in the duplication-restriction 
information. 

When there is a notification from time management unit 
2205 (S2404 = YES), the request apparatus deletes the content 
corresponding to the usage period information (S2405). 

4.3.6 Duplication Reservation Processing 

Fig. 48 is a flowchart showing duplication reservation 
processing . 

The delivery apparatus, the request apparatus, and the 
other apparatus conduct the duplication-source 
determination processing shown in Fig. 42 (S2501). 

In the given example, the delivery apparatus, the 
request apparatus, and the other apparatus are home server 
2001, playback apparatus 2002, and playback apparatus 2003, 
respectively. 

Also, the request apparatus selects the delivery 
apparatus as the duplication source, as a result of the S2501 
processing . 

The delivery apparatus holds the confirmation 
information identifying the content targeted for duplication, 
acquired at step S2501. 

The request apparatus transmits a duplication 
reservation request to the delivery apparatus that includes 
a duplication start time at which to actually start the 
duplication (S2502). 

The delivery apparatus receives the duplication 
reservation request, and timer-sets time management unit 
2105 to detect when the duplication start time is reached 
(S2503). 

The delivery apparatus detects, in time management unit 
2105, the duplication start time being reached (S2504). 

The request apparatus and the delivery apparatus 
execute the processing from step S2203 in Fig. 45 (S2505). 



4.3.7 Return Processing 

After conducting content duplication from the delivery 
apparatus to the request apparatus, deletion of the content 
in the request apparatus and adding "1" to both the remaining 
number corresponding to the deleted content and the 
duplicable number of the content in the delivery apparatus 
is referred to as "return processing". 

Fig. 49 is a flowchart showing return processing. 

In the given example, the request apparatus and the 
delivery apparatus are playback apparatus 2002 and home 
server 2001, respectively. 

Also, the delivery apparatus duplicates a 
content to the request apparatus. 
The request apparatus transmits a return request to the 
delivery apparatus that includes confirmation information 
identifying the content for return (S2601). 

The delivery apparatus holds the received return 
request. 

The request apparatus and the delivery apparatus 
execute the mutual authentication and key sharing shown in 
Figs. 43 and 44 (S2602). 

The request apparatus shares session keys with the 
delivery apparatus as a result of the S2602 processing. 

The request apparatus transmits group affiliation 
information to the delivery apparatus (S2603). 

The delivery apparatus investigates whether the 
received group affiliation information matches group 
affiliation information held by the delivery apparatus, and 
judges the request apparatus to be in-group when matched and 
to be out-group when not matched (S2604). 

When judged that the request apparatus is out-group 
(S2604 = NO), the delivery apparatus transmits an error 
notification to the request apparatus (S2605), and ends the 
processing. 

When an error notification is received (S2606 = YES) , 
the request apparatus ends the processing. 

When judged that the request apparatus is in-group 
(S2604 = YES), the delivery apparatus converts a format of 
the return request, and queues the converted return request 
in the request management queue as request management 
information (S2607). 

The delivery apparatus detects when the request 
management information relating to the return request is at 
the head of the request management queue (S2608). 

When detected that the return request is at the head 
of the request management queue (S2608 = YES), the delivery 
apparatus transmits a return processing start notification 
to the request apparatus that includes the confirmation 
information (S2609). 

Having received the return processing start 
notification, the request apparatus deletes the content 
identified by the confirmation information included in the 
received notification (S2610). 

The request apparatus transmits a deletion-completed 
notification to the delivery apparatus that includes the 
confirmation information (S2611). 

The delivery apparatus adds "1" to the target remaining 
number corresponding to the deleted content (S2612). 

The delivery apparatus deletes the return request from 
the head of the request management queue to update the 
request management queue (S2613). 
4.4 Variations 

(1) Although the above AD server-related variation was 
described in terms of a recording medium being connected to 
a home server via an apparatus, a medium insertion opening 
may be provided in the home server, and mutual authentication, 
content duplication and the like conducted when the home 
server is connected to the recording medium inserted in the 
insertion opening. 

While direct connection between the recording medium 
and the home server is different from connection via a playback 
apparatus and a network, differences do not arise in the 
methods of mutual authentication, content duplication and 
the like. 

(2) In order to determine a content distribution source, 
CDS determining unit 2206 need not use ICMP echo request 
and reply messages. 

CDS determining unit 2206 may prestore an information 
processing capability of each apparatus, and determine the 
apparatus having the highest information processing 
capability from among those apparatuses responding to a 
broadcast to be the distribution source. 

Also, CDS determining unit 2206 may preset a priority 
level for each apparatus, and select the apparatus having 
the highest priority level from among those apparatuses 
responding to a broadcast to be the distribution source. 

(3) Although the above was described in terms of the 
duplication-restriction information including usage period 
information, content duplication restrictions may be added 
using other information. 

For example, a duplication-restriction information 
(DRI) management unit may hold area restriction information. 

Area restriction information is information showing an 
area in which it is permissible to duplicate a 
content. 

Here, the area restriction information can take, for 
example, a value of "1" showing Japan, a value of "2" showing 
the United States, and a value of "3" showing Germany. 

When a value of the area restriction information is "1" , 
content duplication is restricted to only apparatus within 
Japan . 

Also, a DRI management unit may hold a revocation list. 

The revocation list is a list of apparatuses to which 
content duplication permission is not given. 

DRI management unit 2102 does not give permission for 
content duplication to apparatuses shown in the revocation 
list . 

Also, a DRI management unit may hold duplication 
generation information. 

Duplication generation information shows how many 
times a content can be duplicated. 

For example, with a content having duplication 
generation information that shows "2", duplication is 
permitted up to a second-generation copy. 

(4) The content duplication management system may 
collaborate with an accounting system. 

In this case, the present system transmits an 
accounting request to the accounting system when judged to 
give content duplication permission to an out-group 
apparatus . 

A user of the content and an accounting amount are 
included in the accounting request. 

The accounting system enters into a contract with the 
content user in advance, and when a charge arises, the 
accounting system conducts reimbursement processing using 
a credit card or the like. 

When reimbursement processing is completed successfully, 
the accounting system notifies a server of completion of the 
reimbursement processing. 

On receiving the reimbursement-processing completed 
notification, the server conducts content duplication after 
giving content duplication permission to the request 
apparatus. 

Also, accounting may be conducted every time 
content duplication is conducted, even within a home 
network. 

(5) Although the above was described in terms of 
playback apparatus 2002 receiving transfer of rights 
permitting content duplication from home server 2001, 
playback apparatus 2002 may operate as a backup device when 
home server 2001 is unable to operate. 

(6) The above was described in terms of in-group and 
out-group apparatus/medium remaining numbers being managed 
as duplication-restriction information. However, for 
management purposes, a total of the in-group apparatus 
remaining number and the in-group medium remaining number 
may be managed as an "in-group remaining number", and a total 
of the out-group apparatus remaining number and the out-group 
medium remaining number may be managed as an "out-group 
remaining number", without distinguishing between 
apparatuses and recording mediums. 

(7) Although the above was described in terms of a home 
server acquiring duplication-restriction information via a 
network as compared with a broadcast, the acquisition route 
is not limited to a network. 

A broadcast station may transmit 
duplication-restriction information by a broadcast, and a 
home server may acquire the duplication-restriction 
information by receiving the broadcast. 

(8) Although the above was described in terms of a 
request apparatus broadcast transmitting a confirmation 
request over a network as part of the duplication-source 
determination processing, other means apart from a broadcast 
may be used. 

For example, when candidates for being the 
distribution-source apparatus are predetermined, the 
request apparatus may multicast the confirmation 
request. 

(9) The above was described in terms of a DRI management 
unit conducting processing on request management information 
at the head of the request management queue. However, when 
the remaining number (i.e. one of the in-group and out-group 
apparatus/medium remaining numbers) relating to request 
management information included at the head of the queue is 
"0" and processing shown by the processing classification 
cannot be executed, the request management information that 
is included in a position other than the head of the queue, 
and whose processing classification shows "delete" may be 
processed first. 

Since "1" is added to the remaining number as a result 
of processing being conducted that prioritizes the request 
management information whose processing classification 
shows "delete", a DRI management unit is able to conduct 
processing related to request management information 
included at the head of the queue. 
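The following is an added example, not code from the specification, modelling the request management queue of variation (9) in Python: a DRI management unit that normally processes the head of the queue, but when the head is a duplication blocked on a remaining number of "0", processes the first queued "delete" (return) for that same remaining number first, since the return adds "1" and unblocks the head. The processing classifications "duplicate" and "delete" follow the text; the remaining-number names and the rule that only a delete for the same remaining number is pulled forward are assumptions made for this example.

```python
"""Added example: request management queue with delete-first reordering."""
from collections import deque


class DRIManagementUnit:
    """Minimal model of a DRI management unit on the delivery apparatus.

    `remaining` maps a remaining-number name (constructed names such as
    "in_app") to its value.  Each queued request management information
    entry carries a processing classification ("duplicate" or "delete")
    and the remaining number it draws on.
    """

    def __init__(self, remaining):
        self.remaining = dict(remaining)
        self.queue = deque()
        self.processed = []

    def enqueue(self, classification, target):
        self.queue.append({"cls": classification, "target": target})

    def _execute(self, req):
        if req["cls"] == "delete":        # return processing (S2612): add "1"
            self.remaining[req["target"]] += 1
        elif req["cls"] == "duplicate":   # duplication (S2315): subtract "1" per copy
            self.remaining[req["target"]] -= 1
        else:
            raise ValueError("unknown processing classification: %r" % req["cls"])
        self.processed.append((req["cls"], req["target"]))

    def process_one(self):
        """Process one request management information entry.

        The head is processed unless it is a duplication whose remaining
        number is "0".  In that case the first queued "delete" on the same
        remaining number is processed instead.  Returns the entry that was
        processed, or None when nothing can be processed.
        """
        if not self.queue:
            return None
        head = self.queue[0]
        blocked = head["cls"] == "duplicate" and self.remaining[head["target"]] == 0
        if not blocked:
            req = self.queue.popleft()
        else:
            idx = next((i for i, r in enumerate(self.queue)
                        if r["cls"] == "delete" and r["target"] == head["target"]), None)
            if idx is None:               # no return can free the head: stay blocked
                return None
            req = self.queue[idx]
            del self.queue[idx]
        self._execute(req)
        return req

    def drain(self):
        """Process until the queue is empty or the head is blocked for good."""
        while self.process_one() is not None:
            pass
        return list(self.processed)


if __name__ == "__main__":
    # Constructed scenario: in-group apparatus remaining number exhausted,
    # a duplication waiting at the head, a return queued behind it.
    unit = DRIManagementUnit({"in_app": 0, "out_app": 3})
    unit.enqueue("duplicate", "in_app")
    unit.enqueue("delete", "in_app")
    unit.enqueue("duplicate", "out_app")
    print(unit.drain())   # [('delete', 'in_app'), ('duplicate', 'in_app'), ('duplicate', 'out_app')]
    print(unit.remaining) # {'in_app': 0, 'out_app': 2}
```

A queue whose head is blocked and which holds no matching return stays blocked rather than being skipped, which keeps the ordering guarantee the text relies on for requests that are not deletes.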

5. Further Variations 

While the present invention has been described above 
based on the above embodiment, the present invention is of 
course not limited to this embodiment. Variations such as 
those described below are also included in the present 
invention. 



(1) Although in the above embodiment, CSI is copied using 
IC card 400 at a time of registering a device not connected 
to AD server 100, CSI may be transferred from client device 
to client device directly without using IC card 400. 

The transfer of CSI from playback apparatus 200 to a 
playback apparatus 200n, and the registration of playback 
apparatus 200n as a device within the authorized domain 
managed by AD server 100 will now be described as an example. 

Playback apparatus 200 and playback apparatus 200n are 
connected, and playback apparatus 200n is operated to 
transmit a transfer request to playback apparatus 200. 
Playback apparatus 200 and playback apparatus 200n establish 
a SAC and generate session key SK. Playback apparatus 200 
encrypts CSI with the session key SK and transmits the 
encrypted CSI to playback apparatus 200n. Playback apparatus 
200n decrypts the encrypted CSI using the session key, stores 
the CSI, and stores the ID of playback apparatus 200, which 
is the transfer source, received at a time of establishing 
the SAC. Also, playback apparatus 200n transmits a receipt 
notification to playback apparatus 200. Playback apparatus 
200, on receipt of the receipt notification, deletes the CSI 
in CSI storage unit 208 and stores "0" in CSI storage unit 
208. 

Playback apparatus 200n, when connected to AD server 100 
and when a SAC is established, notifies AD server 100 of the 
CSI transfer, transmits the ID of the transfer source and 
the ID of playback apparatus 200n to AD server 100, and AD 
server 100 rewrites DEVICE ID in the registration 
information. 

(2) Although in the above embodiment, IC card 400 is 
affiliated with AD server 100, IC card 400 need not be 
affiliated. 

In this case, as with other client devices, IC card 400 
establishes a SAC when connected to AD server 100, registers 
ID_4 as a device ID, and acquires CSI. 

AD server 100, at a time of recording a content key onto 
DVD 500, encrypts the content key using an encryption key 
generated by concatenating ID_4 of IC card 400 and CSI. 
On-vehicle device 300, when DVD 500 is mounted therein 
and when IC card 400 is connected, establishes a SAC with 
IC card 400 and shares session key SK. 

IC card 400 concatenates ID_4 and CSI stored in IC card 
400 to generate a decryption key, encrypts the decryption 
key using session key SK to generate an encrypted decryption 
key, and transmits the encrypted decryption key to on-vehicle 
device 300. 

On-vehicle device 300 decrypts the encrypted 
decryption key using session key SK to obtain a decryption 
key, decrypts the encrypted content key read from DVD 500 
using the decryption key to obtain a content key, decrypts 
an encrypted content using the content key to obtain a 
content, and plays the content. 

Also, the same processing as in (1) above to transfer 
CSI between client devices may be conducted to transfer CSI 
from an IC card to on-vehicle device 300. In this case, an 
IC card not affiliated with AD server 100 may, as with IC 
card 400 in embodiment 1, be provided with the function of 
notifying AD server 100 of a transfer. In this case, an IC 
card that transfers CSI to on-vehicle device 300 does not 
delete the CSI immediately but prohibits any further transfer 
of the CSI, and deletes the CSI after notifying AD server 100 
of the transfer. 

(3) When registering a device not connected to AD server 
100 using IC card 400, a permission right or CSI may be 
transmitted from AD server 100 to IC card 400 via a network. 

As one example, when IC card 400 is connected to a client 
device such as a PC or the like that is connected to a network 
and has a communication function, IC card 400 conducts SAC 
establishment processing and receives a permission right or 
CSI using the communication function of the PC. 

The client device having the communication function is 
not limited to being a PC, and may be a personal digital 
assistant (PDA), a mobile telephone or the like. 

(4) In the above embodiment, content is either 
delivered from AD server 100 to a client device or recorded 
onto a DVD and distributed from AD server 100 to a client 
device. However, a SAC may be established between client 
devices and session key SK generated, and content 
delivered from one client device to another client device. 
(5) In the above embodiment, on-vehicle device 300 is 
registered using IC card 400. However, withdrawal processing 
may be conducted in the same way using IC card 400. 

In this case, on-vehicle device 300, which has IC card 
400 connected thereto, is operated to transmit a withdrawal 
request to IC card 400, and IC card 400 establishes a SAC 
to confirm that on-vehicle device 300 is registered, and 
transmits a deletion notification to on-vehicle device 300. 
On-vehicle device 300 deletes the CSI, and transmits a 
deletion-completed notification to IC card 400. IC card 400, 
on receipt of the deletion-completed notification, stores 
the ID of the withdrawn on-vehicle device 300. IC card 400, 
when connected to AD server 100, notifies AD server 100 that 
on-vehicle device 300 has withdrawn and of the ID of 
on-vehicle device 300. AD server 100 deletes the ID of 
on-vehicle device 300 from DEVICE ID in the registration 
information, subtracts "1" from the registered number, and 
adds "1" to the remaining number. 

(6) In the above embodiment, AD server 100 confirms whether 
a target device is registered or unregistered by a value of 
CSI stored by the target device, using signature verification 
at a time of establishing a SAC. However, AD server 100 may 
confirm that a target device is registered or unregistered 
by receiving an ID from the device to be authenticated, and 
judging whether the received ID is stored in DEVICE ID in 
the registration information. Also, all of the client devices 
registered as devices within the authorized domain of AD 
server 100 may store the registered IDs, and confirm whether 
other client devices are registered or unregistered by using 
the IDs in the same way as described above. 

(7) In the above embodiment, IC card 400 is used at a time 
of registering a device that is not connected to AD server 
100. However, AD server 100 may display CSI on display unit 
114, and a user may manually input the CSI into a client device. 
In this case, a code to be inputted may be a value obtained 
by encrypting CSI, depending on the device, the session, and 
so forth. 

(8) In the above embodiment, at a time of establishing a 
SAC and encrypting and transmitting CSI, signature data of 
the device transmitting the encrypted CSI may be appended 
to the ciphertext. 

(9) In the above embodiment, registration information and 
CSI is stored internally in respective devices. However, 
registration information and CSI may be stored in a removable 
memory area that cannot be read, written or copied without 
permission. 

(10) In the above embodiment, the ID of a device and CSI or 
a random number and CSI are concatenated for use as an 
encryption key at a time of encrypting a content, and 
as a decryption key at a time of decrypting the encrypted 
content key. However, the present invention is not limited 
to this, and an operation may be conducted using the ID of 
a device and CSI or a random number and CSI, and the resulting 
value used. 

(11) Although in the above embodiment, a maximum number, a 
registered number and a remaining number are managed as 
registration information, the present invention is not 
limited to this. 

The maximum number may be set as the initial value of 
the remaining number and "1" subtracted from the remaining 
number every time a device is registered, and a client device 
may be registered if the remaining number is not "0". Also, 
the maximum number and the registered number may be managed, 
and a client device registered if the registered number is 
less than the maximum number. 
(12) The maximum number, the registered number, and the like 
may be managed after dividing the number of devices in the 
registration information into devices connected online to 
AD server 100 and devices registered using IC card 400. 

(13) Although in the above embodiment, AD server 100 
conducts management based on stored registration information, 
a separate management authority may be provided and 
structured as in (a) to (c) below. 

(a) The management authority sets the maximum number 
of registerable devices, appends signature data of the 
management authority to the maximum number, and either 
records the maximum number onto a portable recording medium 
such as a DVD for distribution or distributes the maximum 
number via a communication channel. AD server 100 verifies 
the signature data, and if verification is successful, stores 
the maximum number as MAXIMUM in the registration 
information. 

(b) AD server 100 requests the management authority for 
the number of devices that AD server 100 seeks to register. 
The management authority conducts accounting in response to 
the number of devices, and if the accounting is successful, 
transmits information to AD server 100 permitting 
registration of the requested number of devices, and AD 
server 100, on receipt of the information, accepts the 
registration of client devices within the permitted number. 

(c) AD server 100 sends out a request to the management 
authority every time a registration is received from a client 
device, and the management authority conducts accounting in 
response to the request, and permits the registration if the 
accounting is successful. AD server 100, when registration 
is permitted, registers the client device and transmits CSI 
to the client device. 

(14) In the above embodiment, playback apparatus 200 plays 
content delivered from AD server 100. However, 
playback apparatus 200 may have a DVD playback function, and 
play content recorded onto DVD 500 by AD server 100. 

Also, in the above embodiment, AD server 100 joins each 
of the device IDs stored in the registration information with 
CSI and uses the result in the encryption of content keys. 
However, AD server 100 may prestore the ID of devices having 
a DVD playback function, extract the ID of the devices capable 
of playing DVD, and concatenate each of these IDs with CSI 
for use in the encryption of content keys. 

(15) Although in the above embodiment, AD server 100 records 
content onto a DVD, content may be recorded 
onto a memory card, an MD, an MO, a CD, a BD (Blu-ray disc) 
or the like, or onto an IC card. 

Also, apart from a playback apparatus, a client device 
may be a recording device or a combination of a playback 
apparatus and a recording device. Also, a client device may, 
apart from being installed in a user's home or mounted in 
a vehicle, be a portable device capable of being carried by 
a user. 

(16) IC card 400, because of being connected directly to AD 
server 100 or on-vehicle device 300, need not conduct SAC 
establishment processing. 

(17) In the above embodiment, signature data, at a time of 
establishing a SAC, is generated with respect to data in which 
CSI is concatenated to random numbers Cha_B or Cha_A. However, 
a hash value of data that is to be a signature target may 
be calculated, and signature data may be generated with 
respect to this hash value. 

(18) In the above embodiment, at a time of establishing a 
SAC, CSI is used when judging whether a device targeted for 
authentication is registered or unregistered and when 
sharing keys. However, CSI need only be used in one of these 
cases. 

Also, although in the above embodiment, authentication 
is conducted in both directions (i.e. mutually), 
authentication may be only unidirectional. 


(19) Registration of client devices may be restricted by 
time . 

In this case, the time between AD server 100 and a client 
device is synchronized. AD server 100 sets a time period 
within which use of CSI is permitted as valid period 
information, transmits the valid period information and CSI 
to the client device, and adds "1" to the registered number. 

The client device receives and stores the valid period 
information and the CSI. When the period shown by the valid 
period information ends, the client device deletes the CSI. 

AD server 100, once the period shown by the valid period 
information has ended, subtracts "1" from the registered 
number. If storing the device ID, AD server 100 deletes the 
ID of the device whose valid period has expired. 

Moreover, the usage period information may show a 
date-time of the start/end of a usage period, or only the 
end date-time. Also, the usage period information may be 
information that sets restrictions on a period from the start 
of CSI usage, or may set restrictions on a period of operations 
by a client device using the CSI. 

(20) Although there is a single AD server per authorized 
domain in the above embodiment, there may be a plurality of 
AD servers in a single authorized domain. 

In this case, a client device is able to select which 
of the AD servers to communicate with. As a selection method, 
a user may make a setting, or a client device may select the 
AD server closest in the authorized domain to the client 
device in terms of distance. Also, a client device may select 
the AD server having the highest processing capacity or a 
low number of other tasks. 

Also, as described below, an AD server requested for 
registration by a client device may, when unable to register 
the client device and the like, search for another AD server 
that is able to register the client device. 

Specifically, the client device transmits a 
registration request to an AD server. When the registered 
number in the requested AD server matches the maximum number, 
the requested AD server makes inquiries with another AD server 
as to whether the other AD server can register the client 
device. The other AD server, when able to register the client 
device, registers the client device that requested 
registration and notifies the requested AD server that 
registration is possible, and the requested AD server, on 
receipt of the notification, transmits CSI to the client 
device. 

Also, if the other AD server replies that registration 
of the client device is not possible, the AD server makes 
inquiries with yet another AD server. 

Also, one AD server may be selected to represent a 
plurality of AD servers, and the representative server may 
manage all of the in-group devices. In this case, when an 
AD server other than the representative server receives a 
registration request from a client device, the AD server 
inquires as to whether the client device is registerable in 
the representative server, and if registerable, the client 
device is registered in the representative server, and 
receives CSI from the representative server via the AD server 
that received the request. 

Moreover, if the representative server is currently 
conducting other operations, or the like, the AD server may 
inquire with the other AD servers as to whether any of these 
other AD servers are able to register the client device. 

Also, as shown in (a) and (b) below, since a registered 
number of devices is managed among a plurality of AD servers, 
the AD servers may share a list relating to registered 
devices . 
(a) When AD servers R and S within the same authorized 
domain each register client devices, the IDs of registered 
devices are stored as a device list. Also, whenever a list 
is updated by writing in IDs, the IDs are stored in the device 
list in correspondence with a version number. 

AD servers R and S exchange device lists regularly or 
irregularly. AD server R compares the version number of the 
device list stored therein with the version number of the 
device list stored by AD server S, and stores the device list 
having the latest version number. AD server S conducts the 
same processing. In this way, it is possible for AD servers 
to always share the latest device list. 

Moreover, device lists may be exchanged every time 
the device list of one of the AD servers is updated. Also, 
registration information such as registered numbers and 
maximum numbers may be shared in the same way as above. 

(b) AD servers T and U within the same authorized domain 
hold device lists T and U, respectively, and at a time of 
registering a client device, store the device IDs of the 
client devices in correspondence with a registration time. 
AD servers T and U exchange device lists regularly or 
irregularly. 

AD server T, if the registered number stored therein 
as registration information is less than the maximum number, 
writes client devices newly registered in device list U 
received from AD server U into device list T stored therein, 
in the order of registration. Also, AD server U, in the same 
way, receives device list T, and updates device list U in 
the order in which new client devices were registered. 

Moreover, client devices may be provided in advance with a priority level, and priority can be given to the registration of devices having a high priority level. Also, when the combined number of client devices newly registered in AD servers T and U exceeds the maximum number, priority may be given to the registration of devices having a high priority level, or a user may select the devices to be registered.

According to this method, even if the requested AD server is in a power-OFF state, a client device can be registered in another AD server, and consistency is maintained by exchanging device lists when the other server is updated, thus making it possible for AD servers to share the same device list.
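The list merge of variation (b), as an added example in Go that is not part of the patent: the receiving server admits the peer's newly registered devices in registration order while it stays within its maximum number and, when the maximum would be exceeded, admits the higher priority levels and reports the rest. The type and field names, the tie-break by earlier registration time, and the sample lists are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// DeviceEntry is one row of a device list: a client device ID stored with
// its registration time and a priority level (field names are assumed).
type DeviceEntry struct {
	ID         string
	Registered int64 // registration time, Unix seconds (constructed below)
	Priority   int   // higher wins when the maximum number would be exceeded
}

// ADServer holds the registration information of variation (b): the maximum
// number of registerable devices and the server's own device list.
type ADServer struct {
	Max     int
	Devices []DeviceEntry
}

// MergeFrom writes the devices newly registered on the peer into this list in
// registration order while the registered number stays within the maximum.
// If the peer's new devices would exceed it, higher priority levels are
// admitted (ties broken by earlier registration) and the rest are returned
// as rejected, so a user could still be asked to choose among them.
func (s *ADServer) MergeFrom(peer []DeviceEntry) (added, rejected []string) {
	known := make(map[string]bool, len(s.Devices))
	for _, d := range s.Devices {
		known[d.ID] = true
	}
	var fresh []DeviceEntry
	for _, d := range peer {
		if !known[d.ID] { // IDs already held are not registered twice
			fresh = append(fresh, d)
		}
	}
	room := s.Max - len(s.Devices) // len(s.Devices) is the registered number
	if room < 0 {
		room = 0
	}
	if len(fresh) > room {
		sort.SliceStable(fresh, func(i, j int) bool {
			if fresh[i].Priority != fresh[j].Priority {
				return fresh[i].Priority > fresh[j].Priority
			}
			return fresh[i].Registered < fresh[j].Registered
		})
		for _, d := range fresh[room:] {
			rejected = append(rejected, d.ID)
		}
		fresh = fresh[:room]
	}
	sort.SliceStable(fresh, func(i, j int) bool {
		return fresh[i].Registered < fresh[j].Registered
	})
	for _, d := range fresh {
		s.Devices = append(s.Devices, d)
		added = append(added, d.ID)
	}
	return added, rejected
}

func main() {
	// Constructed scenario: T already holds dev-1 and may register 4 in total.
	t := &ADServer{Max: 4, Devices: []DeviceEntry{{ID: "dev-1", Registered: 100}}}
	listU := []DeviceEntry{
		{ID: "dev-1", Registered: 100}, {ID: "dev-2", Registered: 200},
		{ID: "dev-3", Registered: 300, Priority: 5}, {ID: "dev-4", Registered: 400},
		{ID: "dev-5", Registered: 500, Priority: 9},
	}
	added, rejected := t.MergeFrom(listU)
	fmt.Println("added:", added, "rejected:", rejected)
}
```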

(21) In order to avoid duplication of CSI among different authorized domains, information exchange may be conducted between AD servers managing the different authorized domains, and confirmation made as to whether or not there is duplication.

Also, in order to improve safety, the AD servers may input respective CSI into a hash function to calculate a hash value, and exchange the hash values to confirm whether or not there is duplication.

Also, instead of AD servers generating CSI, a management authority may be provided, and the management authority may generate the CSI of all of the authorized domains so as to avoid duplication, and send respective CSI to the AD servers in a safe manner.



(22) Client devices may belong to a plurality of authorized domains.

The number of authorized domains in which a client device can register may be restricted by restricting the number of pieces of CSI that the client device is able to store. Also, the present invention may be structured such that the number of authorized domains in which a client device can register is restricted by AD servers exchanging list information that shows registered client devices. Also, exchanging list information makes it possible to confirm the number of authorized domains to which client devices belong.

Otherwise, a management authority may be provided for managing the number of authorized domains in which a client device registers.

Also, a single AD server may manage a plurality of 
authorized domains. In this case, the number of pieces of 
different CSI that an AD server can store is restricted, and 
the AD server can manage authorized domains within this 
number. Also, the AD server may store the registerable number 
of client devices per piece of CSI, or may store pieces of 
CSI in correspondence with group IDs. 

(23) Authorized domains may each be allotted an identifier, and at a time of delivering a content, the device delivering the content may embed the identifier of the authorized domain in which the device is registered in the content as an electronic watermark.

In this way, it is possible to specify which authorized domain the content issued from, in the event of a content decrypted by a client device being improperly distributed outside of the authorized domain within which it originated. Furthermore, when a server that delivered the content manages the IDs of client devices registered in various authorized domains, the ID of the client device that issued the content may be included in the CRL.
(24) Although in the above embodiment, content is delivered to a device after successfully authenticating the device, the present invention is not limited to this.

Authentication need not be conducted at a time of 
content delivery in the following cases. 

A device on the content transmission end generates an 
encryption key based on CSI, encrypts a content key using 
the generated encryption key, and transmits the encrypted 
content key and an encrypted content that was encrypted using 
the content key. 

A device on the receiving end, on acquiring the encrypted content and encrypted content key, generates, based on the CSI, a decryption key the same as the encryption key, decrypts the encrypted content key using the decryption key to obtain the content key, and decrypts the encrypted content using the content key to obtain the content.

In this way, only a device that holds the CSI can generate the decryption key and decrypt the encrypted content.
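The transmitting-end and receiving-end procedures above, as an added example in Go that is not the patent's own code: the key generated from CSI wraps a random content key, and only a holder of the same CSI can unwrap it and reach the content. The patent does not name the algorithms; the SHA-256 derivation over a constructed label, the use of AES-256-GCM for both encryptions, and the sample CSI are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// deriveKey is the "encryption key generated based on CSI". The text does not
// fix the derivation; SHA-256 over a constructed label plus the CSI is assumed.
func deriveKey(csi []byte) []byte {
	h := sha256.New()
	h.Write([]byte("ad-content-key-wrap-v1\x00")) // label constructed for this example
	h.Write(csi)
	return h.Sum(nil) // 32 bytes -> AES-256
}

// gcmFor builds AES-256-GCM; every key used here is 32 bytes, so an error is a bug.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// randBytes refuses to continue without usable randomness.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal is AES-256-GCM with a fresh random nonce prepended to the ciphertext.
func seal(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; the GCM tag check rejects any other key or tampering.
func open(key, sealed []byte) ([]byte, error) {
	gcm := gcmFor(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed data shorter than nonce")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// Deliver is the transmitting end: no authentication; it returns the content
// key wrapped under the CSI-derived key and the content encrypted under that content key.
func Deliver(csi, content []byte) (wrappedKey, encContent []byte) {
	contentKey := randBytes(32)
	return seal(deriveKey(csi), contentKey), seal(contentKey, content)
}

// Receive is the receiving end: regenerate the key from CSI, unwrap the
// content key, then decrypt the content. A wrong or missing CSI fails at unwrap.
func Receive(csi, wrappedKey, encContent []byte) ([]byte, error) {
	contentKey, err := open(deriveKey(csi), wrappedKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap content key: %w", err)
	}
	return open(contentKey, encContent)
}
```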

Also, when an encrypted content is delivered first without authentication being conducted, and then authentication, as in the above embodiment, is conducted later to share a session key, and authentication is successful, the content key may be encrypted using the session key and delivered.

Moreover, the delivery of an encrypted content may be conducted by communication, or by recording the encrypted content onto a portable recording medium.

Also, even when there is no content delivery request or the like from a device on the receiving end, a device on the transmitting end may judge to conduct content delivery or the like, or may conduct content delivery or the like in accordance with an input from outside.



(25) In the above embodiment, a CSI storage unit stores "0" as an initial value, and on receipt of CSI generated by AD server 100, overwrites the initial value with the acquired CSI. However, the initial value and the CSI may be stored in separate areas. Also, when the acquired CSI is stored in a separate area to the initial value, the initial value may be deactivated.

Moreover, the deactivated initial value may be reactivated at a time of deleting CSI due to a transfer, withdrawal, or the like.

Moreover, although the above was described in terms of "0" being stored as a value showing "unregistered", this value need not be "0", and may be any value that differs from the value generated as CSI.

(26) Although in the above embodiment, AD server 100 permits IC card 400 to copy CSI one time, AD server 100 may permit a plurality of copies.

Also, IC card 400 may prevent CSI from being copied to the same client device more than once by, in addition to authenticating client devices using the CSI, storing the IDs of client devices to which the CSI has been copied, and confirming the ID of client devices at a time of copying.

Also, an IC card may be implemented with the function 
of registering client devices, and a device connected to the 
IC card may operate as an AD server. 

Also, a client device may be registered in an AD server as representing a plurality of client devices, and receive the right to copy CSI to the plurality of client devices. An example of this is shown using Fig. 50.

An AD server 600 and a client device 601 are disposed in the home of a user, and client device 601 is already registered in AD server 600. AD server 600 stores a maximum number and a remaining number as registration information, the maximum number and remaining number in the given example being 4 and 3, respectively.

On-vehicle devices 602, 603 and 604, which are not registered in AD server 600, are mounted in a vehicle owned by the user. On-vehicle devices 603 and 604 do not function to communicate directly with AD server 600. On-vehicle device 602 is portable and does function to communicate directly with AD server 600. Also, on-vehicle devices 602, 603 and 604 are connected to and can communicate with one another.

On-vehicle device 602, when connected to AD server 600 as a representative on-vehicle device, transmits a registration request to AD server 600 that includes a desired number "3", which is the number of client devices on-vehicle device 602 seeks to register.

AD server 600, on receipt of the registration request, authenticates on-vehicle device 602 and shares a session key, the same as in the above embodiment. If authentication is successful, AD server 600 judges whether the desired number in the registration request is less than or equal to the remaining number stored as registration information. If judged to be less than or equal to the remaining number, AD server 600 reads the stored CSI, encrypts the read CSI and a permission right permitting the registration of three devices, using the session key, and transmits the encrypted CSI and the encrypted permission right to on-vehicle device 602 as encrypted rights information.

On-vehicle device 602, on receipt of the encrypted rights information, decrypts the encrypted CSI and permission right using the session key to obtain CSI and a permission right. Also, because one device's worth of the permission right is used in storing the obtained CSI, the permission right stored shows two devices to be registerable. Also, on-vehicle device 602 conducts authentication with on-vehicle devices 603 and 604, and if successful, transmits the CSI to on-vehicle devices 603 and 604 and reduces the number of registerable devices shown in the permission right.

In this way, on-vehicle devices 603 and 604 can be registered as client devices.

Moreover, if the remaining number is less than the desired number, AD server 600 transmits a permission right permitting the registration of devices equal to the remaining number. As an example, when a permission right permitting the registration of two devices is transmitted, on-vehicle device 602 uses the permission right for one device in storing the obtained CSI, and uses the remaining permission right for one device by transmitting the CSI to one of on-vehicle devices 603 and 604. The device to which the CSI is transmitted may be selected by the user, or each device may have a priority level, and the CSI transmitted to the device having the higher priority level.

Also, at a time of registering on-vehicle devices 602, 603 and 604 in AD server 600, the following processing is conducted when registering an ID of each on-vehicle device in AD server 600.

On-vehicle device 602, before registering, acquires the IDs of on-vehicle devices 603 and 604. On-vehicle device 602, at a time of registering, transmits the acquired IDs and the ID of on-vehicle device 602 to AD server 600. AD server 600 stores the received IDs as device IDs. Also, if the remaining number is less than the desired number, AD server 600 stores, from the received IDs, IDs for however many devices are shown by the remaining number. In this case, the user may select which IDs to register, or each ID may have a priority level, and IDs are stored in descending order of priority.

Also, when there is an excess of a permission right, 
it is possible for on-vehicle device 602 to return the excess 
to AD server 600. 

Moreover, although on-vehicle device 602 is described above as acquiring a permission right that includes the right of on-vehicle device 602, on-vehicle device 602 may register with AD server 600 as described in the above embodiment, and then acquire the right to notify CSI to on-vehicle devices 603 and 604.
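The representative registration of Fig. 50 described above, as an added example in Go that is not from the patent: the AD server caps the grant at its remaining number and stores only that many of the offered IDs, the representative spends one unit of the permission right on its own CSI and forwards the CSI to sub-devices with the rest, and unused permission can be returned. The type and field names are this example's assumptions, and the authentication and session-key encryption steps are taken as already completed.

```go
package main

import "errors"

// ADServer holds the registration information of variation (26): a maximum
// number, a remaining number, the CSI, and the registered device IDs. Field
// and type names here are this example's assumptions.
type ADServer struct {
	Max, Remaining int
	CSI            string
	DeviceIDs      []string
}

// PermissionRight counts how many devices may still hold the CSI under a
// grant made to a representative device.
type PermissionRight struct{ Devices int }

// Register answers a representative's request to register the devices whose
// IDs it acquired beforehand (its own ID first). The grant is capped at the
// remaining number; when capped, only the first IDs are stored, so the caller
// orders them by the user's choice or by priority level before calling.
func (s *ADServer) Register(ids []string, desired int) (string, PermissionRight, error) {
	if desired < 1 || desired != len(ids) {
		return "", PermissionRight{}, errors.New("desired number must match the offered IDs")
	}
	if s.Remaining < 1 {
		return "", PermissionRight{}, errors.New("no registrations remaining")
	}
	granted := desired
	if granted > s.Remaining {
		granted = s.Remaining
	}
	s.DeviceIDs = append(s.DeviceIDs, ids[:granted]...)
	s.Remaining -= granted
	return s.CSI, PermissionRight{Devices: granted}, nil
}

// ReturnExcess takes back permission the representative did not use.
func (s *ADServer) ReturnExcess(r *PermissionRight) {
	s.Remaining += r.Devices
	r.Devices = 0
}

// ClientDevice is a sub-device such as on-vehicle device 603 or 604.
type ClientDevice struct{ ID, CSI string }

// Representative models on-vehicle device 602: it spends one device's worth
// of the right storing its own CSI and forwards the CSI with the rest.
type Representative struct {
	ID    string
	CSI   string
	Right PermissionRight
}

// Enroll stores the CSI obtained from the AD server; one unit of the right
// is consumed by the representative itself.
func (r *Representative) Enroll(csi string, right PermissionRight) {
	r.CSI, r.Right = csi, right
	r.Right.Devices--
}

// Forward copies the CSI to a sub-device if the right still permits it.
// Mutual authentication between the two devices is assumed to have passed.
func (r *Representative) Forward(d *ClientDevice) bool {
	if r.CSI == "" || r.Right.Devices < 1 {
		return false
	}
	d.CSI = r.CSI
	r.Right.Devices--
	return true
}
```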
(27) A plurality of authorized domains may be combined to form a single authorized domain.

As an example, the combining of AD_E and AD_F to form AD_G is described below using Fig. 51.

AD_E and AD_F are each structured from a single AD server and a plurality of client devices (not depicted). A maximum of "m" client devices is registerable in an AD server E in AD_E, and devices registered in AD_E each hold CSI_E. Also, a maximum of "n" client devices is registerable in an AD server F in AD_F, and devices registered in AD_F each hold CSI_F.

AD_G is formed from these two authorized domains. First, a device to be AD server G managing AD_G is determined from out of AD servers E and F. At this time, the device to be AD server G may be determined based on processing capacity, priority levels and the like, or may be determined by a user. The AD server that is not AD server G is registered in AD_G as a client device.

A maximum of "k" devices registerable in AD server G is set as "m", "n" or the mean of "m" and "n". Also, AD server G newly generates CSI_G, authenticates each of the client devices, and transmits CSI_G to devices that are successfully authenticated.

If the aggregate number of devices forming AD_E and AD_F exceeds the maximum "k", devices for registration are selected. In this case, AD server G may make the selection based on predetermined priority levels, or the user may make the selection.

Moreover, apart from newly forming a single authorized domain from two existing authorized domains, one authorized domain may be added to the other authorized domain. When AD_F is added to AD_E, devices within AD_F are registered in AD server E as AD_E client devices, and hold CSI_E. In this case, if the number of client devices for registration exceeds the maximum "m", devices for registration may be selected as described above.

Moreover, "m", "n" and "k" are positive integers.

(28) A single authorized domain may be divided into a plurality of authorized domains.

As an example, the forming of AD_I and AD_J from AD_H is described below using Fig. 52.

AD_H is structured from an AD server H and a plurality of client devices (not depicted).

AD server H is able to register "p" (positive integer) 
number of client devices, and devices registered in AD_H each 
store CSI_H. 

AD server H, at a time of forming AD_I and AD_J, selects devices to be new AD servers I and J from client devices in AD_H. At this time, devices having a high processing capability may be selected as AD servers, or the selection may be made based on the predetermined priority levels of devices. Also, a user may make the selection, or the selection may be made among client devices based on processing capability, priority levels and the like. Moreover, AD server H may form a new authorized domain as AD server I or AD server J.

After the division, client devices to belong to each authorized domain are selected. At this time, AD servers I and J may make respective selections based on priority levels, or the user may make the selection.

AD servers I and J can each register a maximum of "p" client devices. Also, once the client devices of each authorized domain have been selected, AD server I generates CSI_I and transmits the generated CSI_I to selected client devices. Also, AD server J, in the same way, generates CSI_J and transmits the generated CSI_J to selected client devices.

Moreover, AD servers I and J may conduct authentication every time a client device is selected or at a time of transmitting newly generated CSI.

Also, apart from newly forming two authorized domains from a single authorized domain as described above, one new authorized domain may be formed from AD_H, and client devices divided between the original AD_H and the new authorized domain.

(29) When a client device cuts its power supply, the client device may remain registered in an AD server, and the CSI temporarily deleted.

In this case, once a client device is registered in an AD server, the AD server stores an ID of the client device, and transmits CSI.

The client device, having stored the received CSI, is able to use content as a device within the authorized domain managed by the AD server. The client device, on receipt of a power-OFF instruction, deletes the CSI and sets power off. At this time, the ID of the client device stored in the AD server is not deleted.

When the power supply of the client device is again set "on", the client device transmits the ID to the AD server. The AD server judges whether an ID matching the received ID exists among IDs stored therein, and again transmits the CSI to the client device without updating the registration information if judged that a matching ID exists.

Moreover, the CSI may also be temporarily deleted in the event of cable or radio communication being interrupted, and when communication is reestablished, the ID may again be transmitted and the CSI again acquired.



(30) Although in the above embodiment, authentication is conducted using CSI, the following authentication processing (a) to (c) may be supplemented.

(a) Authenticate that a client device is connected to the same in-house LAN as an AD server, using a code uniformly provided by a system, or a MAC address, an IP address or the like. In this way, it becomes difficult to register the client device of another user/entity.

Also, when an AD server and a client device conduct radio communication, it may be authenticated that the client device is within range of the radio waves.

Also, when communication is possible between an AD server and a client device, authentication data may be transmitted from the AD server to the client device, and response data transmitted from the client device to the AD server. The AD server may clock the time period from transmission of the authentication data to reception of the response data, and if the clocked time is within a preset threshold, the client device may be authenticated as being located in-house.
Also, time-to-live (TTL) values may be set to be within the number of in-house routers, thus preventing the AD server from being able to communicate with out-house devices.

Also, it may be authenticated whether a client device is located in-house by judging whether the client device is connected to the same power source as the AD server.

(b) Preset a password in an AD server, and at a time of registering a client device, the user manually inputs a password into the client device. The client device transmits a registration request to the AD server that includes the inputted password, and the AD server judges whether the received password included in the registration request matches the preset password.

Also, a plurality of passwords may be set, an example of which is each member of a family setting their own password. Also, an ID identifying a user may be combined with a password.

(c) Instead of a password as in (b) above, biometric information such as fingerprints, the iris, and the like may be used. In this way, it becomes possible for only a preset user to register a client device.

(31) An initial value held by a client device may be applied 
as described in (a) to (c) below. 

(a) A client device holds a single initial value showing "not registered in AD server". When the client device registers with the AD server, the initial value is deactivated.

(b) A client device holds a plurality of initial values 
corresponding one-to-one with a plurality of AD servers. At 
a time of registering with one of the AD servers, 
authentication is conducted using an initial value 
corresponding to the AD server, and if successful and the 
client device is registered, the corresponding initial value 
is deactivated. Likewise, if the client device registers in 
another of the AD servers, an initial value corresponding 
to the other AD server is deactivated. 

Moreover, each initial value may be identified in 
correspondence with an identifier of a group. 

(c) A client device holds a single initial value showing 
"not registered in any AD server" . When the client device 
registers with an AD server, the initial value is 
deactivated. 

(32) The present invention may be a method showing the above. Also, this method may be a computer program realized by a computer, or a digital signal formed from the computer program.

Also, the present invention may be a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray disk), a semiconductor memory or similar computer-readable recording medium that stores the computer program or the digital signal. Also, the present invention may be the computer program or digital signal recorded onto such a recording medium.

Also, the present invention may be the computer program or the digital signal transmitted via a network or the like, representative examples of which include a telecommunication circuit, a radio or cable communication circuit, and the Internet.

Also, the present invention may be a computer system that includes a microprocessor and a memory, the memory storing the computer program and the microprocessor operating in accordance with the computer program.

Also, by transferring the computer program or the 
digital signal, either recorded on the recording medium or 
via a network or the like, the present invention may be 
implemented by another independent computer system. 

(33) The present invention may be any combination of the above embodiment and variations.

Although the present invention has been fully described by way of examples with reference to the accompanying drawings, it is to be noted that various changes and modifications will be apparent to those skilled in the art. Therefore, unless such changes and modifications depart from the scope of the present invention, they should be construed as being included therein.
ABSTRACT

A content duplication content management system formed from a playback apparatus that requests and plays content, and a content duplication content management apparatus that manages duplication and deletion of content. The playback apparatus notifies group information of the playback apparatus to the content duplication content management apparatus, acquires information from the content duplication content management apparatus showing whether requests are permitted, and duplicates/deletes content. By judging whether the playback apparatus belongs to a group, and notifying whether a duplication request is permitted or rejected, based on in-group and out-group remaining numbers that show the remaining number of duplications permitted of apparatuses in-group and out-group, respectively, the content duplication content management apparatus relaxes restrictions on in-group content duplication as compared with out-group content duplication, and thus improves convenience for users in a home network, while protecting the rights of copyright holders, with respect to content duplication and usage.